User Guide
OmniAccess SafeGuard OS Administration Guide
176
Chapter 5: Setting Up SafeGuard Switches
Configuring Port Security
This section describes the commands used to configure port security on the switch. Port
security, which is also known as port MAC locking, allows the network to be secured by
locking certain MAC addresses on a given port. Packets with a matching source MAC
address are forwarded normally, and all other packets are discarded. Port security also
limits the number of MAC addresses that can be learned on a port. Once the maximum
number has been reached, new MAC addresses will not be learned and packets with new
MAC addresses will be discarded. The Port security feature must be enabled both
globally and at the interface level.
See the following sections for more details:
■ Enabling Port Locking
■ Setting the Maximum Number of Dynamically Locked MAC Addresses
■ Setting the Maximum Number of Statically Locked MAC Addresses
■ Adding a MAC Address to the Statically Locked List
■ Converting Dynamically Locked Address To Statically Locked Addresses
■ Displaying the Port Security Settings
■ Displaying the Dynamically Locked MAC Addresses for a Port
■ Displaying the Statically Locked MAC Addresses for a Port
Enabling Port Locking
To enable port locking, use the port-security command. The command may be used in
the Global Configuration mode for system level port locking and in the Interface
Configuration mode for port level locking (for enabling on a specific interface/port). Use
the no version of the command to disable port locking in the appropriate configuration
mode.
port-security
no port-security
Description Possible values are: “Mgmt Config” (management
configured entries) and “Network Assist” (network
assisted entries).
Interfaces Interfaces on which this multicast address was learned or
the mrouter ports for this particular VLAN.
Field Description