Port-Security

From: De Witt, Duane (duane.dewitt@siemens.com)
Date: Fri Oct 21 2005 - 04:23:18 GMT-3

• Next message: De Witt, Duane: "IEWB Lab 18"
• Previous message: simon hart: "RE: Ospf Loopbacks"
• Next in thread: mani poopal: "Re: Port-Security"
• Maybe reply: mani poopal: "Re: Port-Security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Group

According to the doc cd port-security protect drops traffic while
restrict will restrict data. What are the exact differences between
dropping traffic and restricting data?

You can configure the interface for one of three violation modes, based
on the action to be taken if a violation occurs:

* protect-when the number of secure MAC addresses reaches the
maximum limit allowed on the port, packets with unknown source addresses
are dropped until you remove a sufficient number of secure MAC addresses
to drop below the maximum value.
* restrict-a port security violation restricts data and causes the
SecurityViolation counter to increment. It also sends an SNMP trap when
an address-security violation occurs.

From what I can see they both do the same thing except that restrict
will also send an SNMP trap.

Regards

Duane

____________________________________________
SIEMENS Siemens Business Services
        Siemens Service Center

126 14th Road

Erand Gardens

Midrand

South Africa

* +27 11 5452555
* +27 83 4452768
* +27 11 5415219
* duane.dewitt@siemens.com <mailto:duane.dewitt@siemens.com>

• Next message: De Witt, Duane: "IEWB Lab 18"
• Previous message: simon hart: "RE: Ospf Loopbacks"
• Next in thread: mani poopal: "Re: Port-Security"
• Maybe reply: mani poopal: "Re: Port-Security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:51 GMT-3