Users Guide

1. Enter the following command in CONFIGURATION mode:
switchport port-security
NOTE: By default, port security is enabled globally. To disable the port security feature on the system, use the no switchport port-security command in CONFIGURATION mode.
Enable port security on an interface
To enable port security on an interface:
1. Enter the following command in INTERFACE mode:
switchport port-security
2. Enable port security in CONFIGURATION-PORT-SECURITY mode:
no disable
NOTE: To disable the port security feature on an interface, use the disable command in CONFIGURATION-PORT-SECURITY mode.
Configure the MAC address learning limit
After you enable port security on an interface, the interface can learn one secure MAC address by default. This limit is applicable
for both secure dynamic and secure static MAC addresses.
To configure the MAC address learning limit:
1. Enter the following command in INTERFACE mode:
switchport port-security
2. Configure the number of secure MAC addresses that an interface can learn in INTERFACE PORT SECURITY mode:
mac-learn {limit | no-limit}
For the limit keyword, the range is from 0 to 3072. To enable the interface to learn the maximum number of MAC
addresses that the hardware supports, use the no-limit keyword.
MAC address learning limit example
OS10# configure terminal
OS10(config)#interface ethernet 1/1/1
OS10(config-if-eth1/1/1)#switchport port-security
OS10(config-if-port-sec)# no disable
OS10(config-if-port-sec)#mac-learn limit 100
Configure MAC address learning limit violation actions
Use the following commands in INTERFACE PORT SECURITY mode:
To display which MAC address causes a violation, use the log option. The system also drops the packet.
OS10(config-if-port-sec)#mac-learn limit violation log
To drop the packet when a MAC address learning limit violation occurs, use the drop option.
OS10(config-if-port-sec)#mac-learn limit violation drop
To forward the packet when a MAC address learning limit violation occurs, use the forward option. The system does not learn the MAC address.
OS10(config-if-port-sec)#mac-learn limit violation forward
To shut down an interface on a MAC address learning limit violation, use the shutdown option.
OS10(config-if-port-sec)#mac-learn limit violation shutdown
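An audit pass over the settings described above, as an added example that is not taken from the guide: it parses a constructed configuration built only from the commands shown on this page and reports interfaces where port security is left disabled, the learning limit is removed or out of range, or the violation action is forward. The indentation of the sample text and the choice of which settings to flag are assumptions of this example.

```python
import re

# Constructed sample: the page's commands typed on three interfaces (not device output).
SAMPLE_CONFIG = """\
interface ethernet 1/1/1
 switchport port-security
  no disable
  mac-learn limit 100
  mac-learn limit violation shutdown
interface ethernet 1/1/2
 switchport port-security
  no disable
  mac-learn no-limit
  mac-learn limit violation forward
interface ethernet 1/1/3
 switchport port-security
  mac-learn limit 5000
"""

def audit_port_security(config_text):
    """Return {interface: [findings]}; the flagged settings are this example's policy."""
    blocks, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line[len("interface "):]
            blocks[current] = []
        elif current and line:
            blocks[current].append(line)
    report = {}
    for name, lines in blocks.items():
        findings = []
        if "switchport port-security" not in lines:
            findings.append("port security not configured")
        elif "no disable" not in lines:
            findings.append("port security not enabled: 'no disable' missing")
        if "mac-learn no-limit" in lines:
            findings.append("no-limit: learns up to the hardware maximum")
        for entry in lines:
            m = re.fullmatch(r"mac-learn limit (\d+)", entry)
            if m and not 0 <= int(m.group(1)) <= 3072:  # page: range is 0 to 3072
                findings.append(f"limit {m.group(1)} outside 0-3072")
        if "mac-learn limit violation forward" in lines:
            findings.append("violation forward: frames over the limit are still forwarded")
        report[name] = findings
    return report

if __name__ == "__main__":
    for port, issues in audit_port_security(SAMPLE_CONFIG).items():
        print(port, "->", issues or "ok")
```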