From: Leon van Dongen (l.dongen1@chello.nl)
Date: Mon Jun 26 2006 - 04:01:09 ART
From the C3550 software configuration guide
switchport port-security violation {protect | restrict | shutdown}
(Optional) Set the violation mode, the action to be taken when a security violation is detected, as one of these:
protect: When the number of port secure MAC addresses reaches the maximum limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses to drop below the maximum value or increase the number of maximum allowable addresses. You are not notified that a security violation has occurred.
restrict: When the number of secure MAC addresses reaches the limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses or increase the number of maximum allowable addresses. An SNMP trap is sent, a syslog message is logged, and the violation counter increments.
shutdown: The interface is error-disabled when a violation occurs, and the port LED turns off. An SNMP trap is sent, a syslog message is logged, and the violation counter increments.
http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225see/scg/swtrafc.htm#wp1111801
In both cases, packets from an unknown source are dropped until the requirements for passing additional traffic are met.
HTH
--Leon
>
> from: "Mike O" <mikeeo@email.msn.com>
> date: 2006/06/26 Mon AM 02:59:16 MEST
> to: <ccielab@groupstudy.com>
> subject: switchport port-security
>
> What's the difference between:
>
> switchport port-security protect
> switchport port-security restrict
>
>
> both don't pass data right?
>
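The three violation modes quoted in the reply above, as a simplified model. This is an added example, not part of the original thread or of Cisco's documentation; the class `SecurePort`, the helper `run` and the MAC addresses are constructed for illustration, and the `notices` list stands in for the SNMP trap and syslog message.

```python
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    mode: str                      # "protect", "restrict" or "shutdown"
    maximum: int = 1               # maximum number of secure MAC addresses
    secure: set = field(default_factory=set)
    violations: int = 0            # the violation counter
    notices: list = field(default_factory=list)  # stand-in for trap + syslog
    err_disabled: bool = False

    def receive(self, src_mac: str) -> bool:
        """Return True if the frame is forwarded, False if it is dropped."""
        if self.err_disabled:
            return False           # port is down: known hosts lose traffic too
        if src_mac in self.secure:
            return True
        if len(self.secure) < self.maximum:
            self.secure.add(src_mac)   # room left: learn a new secure address
            return True
        # Unknown source address with the table full: a security violation.
        if self.mode == "protect":
            return False           # silent drop: no counter, trap or syslog
        self.violations += 1
        self.notices.append(f"violation by {src_mac}")
        if self.mode == "shutdown":
            self.err_disabled = True
        return False

def run(mode, frames, maximum=1):
    """Feed source MACs through a port; return per-frame results and the port."""
    port = SecurePort(mode=mode, maximum=maximum)
    forwarded = [port.receive(mac) for mac in frames]
    return forwarded, port

# Constructed traffic: known host, unknown host, known host again.
FRAMES = ["0000.aaaa.0001", "0000.bbbb.0002", "0000.aaaa.0001"]

if __name__ == "__main__":
    for mode in ("protect", "restrict", "shutdown"):
        forwarded, port = run(mode, FRAMES)
        print(mode, forwarded, port.violations, port.err_disabled)
```

protect and restrict forward the same frames; only restrict leaves evidence for monitoring, and only shutdown cuts off the already-learned host.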