Quick Reference Guide

PowerConnect B-Series TI24X Configuration Guide
53-1002269-02
Configuring the MAC port security feature
On a tagged interface
When specifying a secure MAC address on a tagged interface, you must also specify the VLAN ID.
To do so, enter commands such as the following.
PowerConnect(config)# int e 11
PowerConnect(config-if-e10000-11)# port security
PowerConnect(config-port-security-e10000-11)# secure-mac-address 0050.DA18.747C 2
Syntax: [no] secure-mac-address <mac-address> <vlan-ID>
NOTE
If MAC port security is enabled on a port and you change the VLAN membership of the port, make
sure that you also change the VLAN ID specified in the secure-mac-address configuration statement
for the port.
When a secure MAC address is applied to a tagged port, the vlan-id is generated for both tagged
and untagged ports. When you display the configuration, secure MAC addresses appear as entries
of the form secure-mac-address <address> <vlan>. For example, you may see the
following line.
secure-mac-address 0000.1111.2222 10
This line means that MAC address 0000.1111.2222 on VLAN 10 is a secure MAC address.
Autosaving secure MAC addresses to the startup-config file
Learned MAC addresses can automatically be saved to the startup-config file at specified intervals.
For example, to automatically save learned secure MAC addresses every twenty minutes, enter the
following commands.
PowerConnect(config)# port security
PowerConnect(config-port-security)# autosave 20
Syntax: [no] autosave <minutes>
You can specify from 15 – 1440 minutes. By default, secure MAC addresses are not autosaved to
the startup-config file.
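The following is an added example, not part of the original guide: a small Python audit that flags secure-mac-address statements whose VLAN ID is missing or no longer matches a tagged port's VLAN membership, and autosave intervals outside 15 – 1440 minutes. The indented listing layout and the tagged_vlans input (port-to-VLAN membership supplied by the operator) are assumptions; only the secure-mac-address and autosave statements come from this guide.

```python
import re

MAC_RE = re.compile(r"^[0-9a-f]{4}(\.[0-9a-f]{4}){2}$", re.I)

def audit_port_security(config, tagged_vlans):
    """Return (line_no, message) findings. tagged_vlans maps a port number to
    the set of VLAN IDs it is a tagged member of (caller-supplied assumption)."""
    findings, port = [], None
    for n, raw in enumerate(config.splitlines(), 1):
        words = raw.split()
        if not words:
            continue
        if not raw[0].isspace():  # unindented line opens a new block
            port = words[-1] if words[0] == "interface" else None
        elif words[0] == "autosave":
            ok = len(words) == 2 and words[1].isdigit() and 15 <= int(words[1]) <= 1440
            if not ok:
                findings.append((n, "autosave interval must be 15-1440 minutes"))
        elif words[0] == "secure-mac-address":
            mac, vlan = (words[1:] + [None, None])[:2]
            if mac is None or not MAC_RE.match(mac):
                findings.append((n, f"malformed MAC address: {mac}"))
            if port in tagged_vlans:
                if vlan is None or not vlan.isdigit():
                    findings.append((n, f"port {port} is tagged: VLAN ID required"))
                elif int(vlan) not in tagged_vlans[port]:
                    findings.append((n, f"port {port}: VLAN {vlan} is not a current membership"))
    return findings

# Constructed sample: port 12 was moved from VLAN 10 to VLAN 20 without
# updating its secure-mac-address statements.
SAMPLE = """\
port security
 autosave 10
!
interface ethernet 11
 port security
  secure-mac-address 0050.DA18.747C 2
!
interface ethernet 12
 port security
  secure-mac-address 0000.1111.2222 10
  secure-mac-address 0000.1111.3333
"""

if __name__ == "__main__":
    for line_no, message in audit_port_security(SAMPLE, {"11": {2}, "12": {20}}):
        print(f"line {line_no}: {message}")
```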
Specifying the action taken when a security violation occurs
A security violation can occur when a user tries to connect to a port where a MAC address is
already locked, or when the maximum number of secure MAC addresses has been exceeded. When a
security violation occurs, an SNMP trap and a Syslog message are generated.
You can configure the device to take one of two actions when a security violation occurs: either
drop packets from the violating address (and allow packets from secure addresses), or disable the
port for a specified time.