User's Manual
192
packets. In static security mode, you can set the static security MAC address on a port and then you should
consider two cases: if it is in static reception mode, only the packets whose destination MACs are security
MACs can be allowed to enter this port and other packets will be dropped; if it is in static rejection mode, the
packets whose destination MACs are security MACs will be all dropped and other packets will be allowed to
pass through this port.
Command Purpose
config Enters the global configuration mode.
interface g0/1 Enters the to-be-configured port.
[no] switchport port-security mode
{dynamic | static accept|reject }
Configures the port security mode.
Dynamic means the dynamic security mode.
static accept means the static reception mode.
static reject means the static rejection mode.
[no] switchport port-security dynamic
maximum num
Sets the threshold of learning MAC
addresses.
[no] switchport port-security static mac-
address H.H.H
Sets static security address
exit Backs to the global configuration mode.
exit Backs to the EXEC mode.
25.8 Port Binding
This type of switches can bind the IP address and the MAC address to a port at the same time, and of
course you can bind either one to the port.
Run the following commands to enter the EXEC mode:
Command Purpose
config Enters the global configuration mode.
interface g0/1 Enters the to-be-configured port.
[no] switchport port-security
bind|block {ip|arp| both-arp-ip
A.B.C.D | mac H.H.H }
Configures the port binding function.
bind means that only the packets that comply with the
binding requirements can pass while other packets
will be dropped; block means that only the packets
that comply with the binding requirements will be
rejected and other packets will pass.