You can allow the port to dynamically configure secure MAC addresses with the MAC addresses of connected devices.You can statically configure all secure MAC addresses by using the switchport port-security mac-address mac_address interface configuration command.If traffic with a secure MAC address that is configured or learned on one secure port attempts to access another secure port in the same VLAN, applies the configured violation mode.Īfter you have set the maximum number of secure MAC addresses on a port, port security includes the secure addresses in the address table in one of these ways:.When the maximum number of secure MAC addresses is reached on a secure port and the source MAC address of the ingress traffic is different from any of the identified secure MAC addresses, port security applies the configured violation mode. If you limit the number of secure MAC addresses to one and assign a single secure MAC address, the device attached to that port has the full bandwidth of the port.Ī security violation occurs in either of these situations: When you assign secure MAC addresses to a secure port, the port does not forward ingress traffic that has source addresses outside the group of defined addresses. You can use port security with dynamically learned and static MAC addresses to restrict a port’s ingress traffic by limiting the MAC addresses that are allowed to send traffic into the port. Port Security with Dynamically Learned and Static MAC Addresses: Alternatively, you can use port security to filter traffic that is destined to or received from a specific host that is based on the host MAC address. You can use port security to block input to an Ethernet, Fast Ethernet, or Gigabit Ethernet port when the MAC address of the station attempting to access the port is different from any of the MAC addresses that are specified for that port. Get my ICND1 and ICND2 courses for $10 here: (you will get ICND2 as a free bonus when you buy the ICND1 course).įor lots more content, visit – learn about GNS3, CCNA, Packet Tracer, Python, Ansible and much, much more. Get the Packet Tracer course for only $10 by clicking here:
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |