User's Manual

Chapter 27 Secure Port Configuration
27.1 Overview
You can control the access function of the secure port so that the port operates within the range you
configure. You enable the security function of a port by configuring the number of secure MAC addresses
for the port. If the number of secure MAC addresses exceeds the upper limit and MAC addresses are
insecure, a secure port violation occurs. You should take actions according to the different violation
modes.
The secure port has the following functions:
Configuring the number of secure MAC addresses
Configuring static secure MAC addresses
If the secure port has no static secure MAC address, or the number of static secure MAC addresses is smaller than the number of secure MAC addresses, the port learns dynamic MAC addresses.
Dropping violating packets when a secure port violation occurs
This section describes how to configure the secure port for the switch.
27.2 Configuration Task of the Secure Port
Configuring Secure Port Mode
Configuring the Static MAC Address of the Secure Port
27.3 Configuring the Secure Port
27.3.1 Configuring the Secure Port Mode
There are two static secure port modes: accept and reject. In accept mode, the port receives only traffic
whose source address is the same as the local MAC address. In reject mode, the port receives only traffic
whose source address is different from the local MAC address.
Run the following commands in EXEC mode to enable or disable the secure port function:
Command                                                      Purpose
configure                                                    Enters the global configuration mode.
interface g0/1                                               Enters the port to be configured.
[no] switchport port-security mode static {accept | reject}  Configures the secure port mode.
exit                                                         Goes back to the global configuration mode.
exit                                                         Goes back to the EXEC mode.
write                                                        Saves the configuration.
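The following added example, which is not part of the original manual or the switch software, models the accept and reject decisions of section 27.3.1 on Ethernet frames. It assumes that "local MAC address" means the static secure MAC addresses configured on the port; the class, function names and sample addresses are constructed for illustration.

```python
# Added illustration: models the accept/reject decision of section 27.3.1.
# Assumption: "local MAC address" means the static secure MAC addresses
# configured on the port.
from enum import Enum


class Mode(Enum):
    ACCEPT = "accept"   # only listed source MACs are received
    REJECT = "reject"   # listed source MACs are dropped


def norm_mac(mac: str) -> bytes:
    """Normalize 00:11:22:33:44:55, 00-11-..., or 0011.2233.4455 to 6 bytes."""
    raw = bytes.fromhex("".join(c for c in mac if c not in ":-."))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return raw


def source_mac(frame: bytes) -> bytes:
    """Ethernet II header: destination (6 bytes), source (6), EtherType (2)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    return frame[6:12]


class SecurePort:
    def __init__(self, mode: Mode, static_macs):
        self.mode = mode
        self.static = {norm_mac(m) for m in static_macs}
        self.dropped = 0  # violating frames are dropped and counted

    def receive(self, frame: bytes) -> bool:
        """Return True if the frame is received, False if it is dropped."""
        listed = source_mac(frame) in self.static
        ok = listed if self.mode is Mode.ACCEPT else not listed
        if not ok:
            self.dropped += 1
        return ok


def make_frame(src: str, dst: str = "ff:ff:ff:ff:ff:ff") -> bytes:
    """Constructed sample frame: header, IPv4 EtherType, zero padding."""
    return norm_mac(dst) + norm_mac(src) + b"\x08\x00" + b"\x00" * 46


KNOWN, OTHER = "00:11:22:33:44:55", "0011.2233.44aa"  # constructed addresses
```

In this model, reject mode receives every source address that is not listed, so only accept mode restricts the port to known hosts.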