From: mani poopal (mani_ccie@yahoo.com)
Date: Fri Oct 21 2005 - 08:50:41 GMT-3
Hi
port security:
shut--shut the port(default state, I think is not good state)
protect-violaters will not be allowed, only allowed list is allowed throught the port
restrict-same as protect but you have the vidsibility becasue it logs the violators
hope this helps
Mani
"De Witt, Duane" <duane.dewitt@siemens.com> wrote:
Hi Group
According to the doc cd port-security protect drops traffic while
restrict will restrict data. What are the exact differences between
dropping traffic and restricting data?
You can configure the interface for one of three violation modes, based
on the action to be taken if a violation occurs:
* protect-when the number of secure MAC addresses reaches the
maximum limit allowed on the port, packets with unknown source addresses
are dropped until you remove a sufficient number of secure MAC addresses
to drop below the maximum value.
* restrict-a port security violation restricts data and causes the
SecurityViolation counter to increment. It also sends an SNMP trap when
an address-security violation occurs.
From what I can see they both do the same thing except that restrict
will also send an SNMP trap.
Regards
Duane
____________________________________________
SIEMENS Siemens Business Services
Siemens Service Center
126 14th Road
Erand Gardens
Midrand
South Africa
* +27 11 5452555
* +27 83 4452768
* +27 11 5415219
* duane.dewitt@siemens.com
This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:52 GMT-3