xStack® DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch CLI Manual
71 PORT SECURITY COMMANDS
The primary purpose of the port security function is to restrict access to a switch port to a number of authorized users. If an unauthorized user tries to access a port-security enabled port, the system will block the access by dropping its packets.
The Port Security commands in the Command Line Interface (CLI) are listed, along with the appropriate parameters, in the following table.
Command Parameters
config port_security ports [<portlist> | all] {admin_state [enable | disable] | max_learning_addr <max_lock_no 0-64> | lock_address_mode [Permanent | DeleteOnTimeout | DeleteOnReset]}(1)
delete port_security_entry vlan_name <vlan_name 32> port <port> mac_address <macaddr>
clear port_security_entry port <portlist>
show port_security {ports <portlist>}
Each command is listed, in detail, in the following sections.
config port_security
Purpose       This command is used to set the port-level port security settings.
Syntax        config port_security ports [<portlist> | all] {admin_state [enable | disable] | max_learning_addr <max_lock_no 0-64> | lock_address_mode [permanent | deleteontimeout | deleteonreset]}(1)
Description   This command configures the admin state, maximum learning address and lock address mode. There are four levels of limitation on the number of learned entries: for the entire system, for a port, for a VLAN, and for a specific VLAN on a port. If any limitation is exceeded, the new entry will be discarded.
Parameters    portlist - Specifies a range of ports to be configured.
              all - Specifies that all ports will be configured.
              admin_state - Specifies whether to enable or disable the port security function on the port. By default, the setting is disabled.
              max_learning_addr - Specifies the maximum number of port security entries that can be learned on this port. If the value is set to 0, no user can be authorized by the port security function on this port. If the setting is smaller than the number of currently learned entries on the port, the command will be rejected. The default value is 1.
              lock_address_mode - Indicates the mode of locking addresses. The default mode is deleteonreset.
                  Permanent - The address will never be deleted unless the user removes it manually, the VLAN of the entry is removed, the port is removed from the VLAN, or port security is disabled on the port where the address resides.
                  DeleteOnTimeout - This entry will be removed if it is idle for the ageing time.
                  DeleteOnReset - This address will be removed if the switch is reset or reboots. The cases under which the permanent entries are deleted also apply to the deleteonreset entries.
Restrictions  Only Administrator and Operator-level users can issue this command.
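
The following is an added example, not part of the D-Link manual: a small offline audit that replays config port_security lines from a saved configuration, applies the defaults and value limits described above, and reports ports that end up with port security disabled or with max_learning_addr 0. The function names, the plain-integer port numbering ("1-4,7"), the case-insensitive mode names and the sample lines are assumptions made for the example.

```python
DEFAULTS = {"admin_state": "disable", "max_learning_addr": 1, "lock_address_mode": "deleteonreset"}
VALID = {"admin_state": lambda v: v in ("enable", "disable"),
         "max_learning_addr": lambda v: v.isdigit() and int(v) <= 64,
         "lock_address_mode": lambda v: v in ("permanent", "deleteontimeout", "deleteonreset")}

def expand_ports(portlist, all_ports):
    """Expand 'all' or a list such as '1-4,7' (plain-integer numbering is an assumption)."""
    if portlist == "all":
        return list(all_ports)
    ports = []
    for part in portlist.split(","):
        lo, _, hi = part.partition("-")
        ports.extend(range(int(lo), int(hi or lo) + 1))
    return ports

def apply_config(lines, all_ports):
    """Return effective per-port settings after applying the commands in order."""
    state = {p: dict(DEFAULTS) for p in all_ports}  # every port starts at the manual's defaults
    for line in lines:
        tok = line.split()
        if tok[:3] != ["config", "port_security", "ports"]:
            continue  # not a port security configuration command
        opts, changes = tok[4:], {}
        if not opts or len(opts) % 2:  # {...}(1): at least one parameter, each with a value
            raise ValueError(f"incomplete command: {line!r}")
        for key, val in zip(opts[::2], opts[1::2]):
            if key not in VALID or not VALID[key](val.lower()):
                raise ValueError(f"bad parameter {key} {val!r} in {line!r}")
            changes[key] = int(val) if key == "max_learning_addr" else val.lower()
        for p in expand_ports(tok[3], all_ports):
            state[p].update(changes)
    return state

def findings(state):
    """Flag ports left without port security and ports where no user can be authorized."""
    out = []
    for port, s in sorted(state.items()):
        if s["admin_state"] == "disable":
            out.append((port, "port security disabled"))
        elif s["max_learning_addr"] == 0:
            out.append((port, "max_learning_addr 0: no user can be authorized"))
    return out

SAMPLE = [  # constructed sample lines, not taken from a real device
    "config port_security ports 1-4 admin_state enable max_learning_addr 2 lock_address_mode deleteontimeout",
    "config port_security ports 5 admin_state enable max_learning_addr 0",
    "config port_security ports 3 lock_address_mode permanent"]
for port, msg in findings(apply_config(SAMPLE, range(1, 9))):
    print(f"port {port}: {msg}")
```

The switch also rejects a max_learning_addr value smaller than the number of entries already learned on the port; that check depends on live state and is not modelled here.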