User's Manual
Table Of Contents
- Reference for the Business Policy Switch 2000 Command Line Interface
- Contents
- Figures
- Tables
- Preface
- Chapter 1: CLI Basics
- Stacking compatibility
- Software version 2.0 compatibility with BayStack 450 switches
- New features
- CLI command modes
- Port numbering
- IP notation
- Accessing the CLI
- Setting the CLI password
- Getting help
- Basic navigation
- Managing basic system information
- Managing MAC address forwarding database table
- Displaying and setting stack operational mode
- Chapter 2: General CLI commands
- Setting the terminal
- Pinging
- Automatically loading configuration file
- Assigning and clearing IP addresses
- Assigning and clearing IP addresses for specific units
- Setting Telnet access
- Setting server for Web-based management
- Setting boot parameters
- Setting TFTP parameters
- Upgrading software
- Displaying interfaces
- Setting SNMP parameters
- Setting the system event log
- Displaying port statistics
- Enabling or disabling a port
- Naming ports
- Setting port speed
- Enabling Autopology
- Enabling flow control
- Enabling rate-limiting
- Chapter 3: Security
- Using the IP manager list
- Using MAC address security
- show mac-security command
- show mac-security mac-da-filter command
- mac-security command
- mac-security mac-address-table address command
- mac-security security-list command
- no mac-security command
- no mac-security mac-address-table command
- no mac-security security-list command
- mac-security command for specific ports
- mac-security mac-da-filter command
- Using EAPOL-based security
- Using RADIUS authentication
- Chapter 4: Spanning Tree, MLT, and Port-Mirroring
- Using spanning tree
- show spanning-tree command
- spanning-tree stp create command by STG
- spanning-tree stp delete command by STG
- spanning-tree stp enable command by STG
- spanning-tree stp disable command by STG
- spanning-tree command by STG
- default spanning-tree command by STG
- spanning-tree add-vlan command
- spanning-tree remove-vlan command
- spanning-tree command by port
- default spanning-tree command by port
- no spanning-tree command by port
- Using MLT
- Using port-mirroring
- Using spanning tree
- Chapter 5: VLANs and IGMP
- Increased VLAN support
- Configuring and displaying VLANs
- show vlan interface info command
- show vlan interface vids command
- vlan mgmt command
- default vlan mgmt command
- vlan create command
- vlan delete command
- no vlan command
- vlan name command
- auto-pvid command
- no auto-pvid command
- vlan ports command
- vlan members command
- show vlan mac-address command
- vlan mac-address command
- no vlan mac-address command
- Displaying multicast membership
- Using IGMP snooping
- Chapter 6: Policy-enabled networks and QoS
- Displaying QoS parameters
- Resetting
- Configuring COPS
- Configuring QoS interface groups
- Configuring DSCP and 802.1p and queue associations
- Configuring QoS filters and filter groups
- Configuring QoS actions
- Configuring QoS meters
- Configuring QoS shapers
- Gathering QoS statistics
- Configuring QoS policies
- Reordering packets
- Appendix A: Command List
- Index
Chapter 3 Security 123
Reference for the Business Policy Switch 2000 Command Line Interface
mac-security mac-address-table address command
The mac-security mac-address-table address command assigns either
a specific port or a security list to the MAC address. This removes any previous
assignment to the specified MAC address and creates an entry in the BaySecure
table of allowed MAC addresses. The syntax for the
mac-security
mac-address-table address
command is:
mac-security mac-address-table address <H.H.H.> {port
<portlist>|security-list <1-32>}
Table 62 mac-security command parameters and values
Parameters and variables Description
disable|enable Disables or enables MAC address-based security.
filtering {enable|disable} Enables or disables destination address (DA) filtering on intrusion
detected.
intrusion-detect
{enable|disable|forever}
Specifies partitioning of a port when an intrusion is detected:
• enable—port is partitioned for a period of time
• disabled—port is not partitioned on detection
• forever—port is partitioned until manually changed
intrusion-timer <1-65535> Specifies, in seconds, length of time a port is partitioned when an
intrusion is detected; enter the number of you want.
learning-ports <portlist> Specifies MAC address learning. Learned addresses are added
to the table of allowed MAC addresses. Enter the ports you want
to learn; it can be a single port, a range of ports, several ranges,
all, or none.
learning {enable|disable} Specifies MAC address learning:
• enable—enables learning by ports
• disable—disables learning by ports
snmp-lock {enable|disable} Enables or disables a lock on SNMP write-access to the
BaySecure MIBs.
snmp-trap {enable|disable} Enables or disables trap generation upon intrusion detection.