I hope we all know how to log in to the switch by telnet, PuTTY, etc. After a successful logon,
type config t or config terminal to enter configuration mode.
The following command displays the existing port security settings:
show port-security 1-3, 45, 8
To configure port security and edit the security settings (add or delete devices from the list):
Syntax:
port-security
[learn-mode continuous]
[learn-mode static]
[action ]
[clear-intrusion-flag]
Examples:
To remove port security:
no port-security
(config)# port-security (port-list) learn-mode configured address-limit (number of addresses bound to the port-list) mac-address (MAC address) action send-disable
E.g.: (config)# port-security 28 learn-mode configured address-limit 3 mac-address 0016ea-834254 0017ea-834254 action send-disable
Removing a MAC address from the list
Command:
(config)# port-security (port-list) address-limit (MAC address limit after deleting the intended MACs)
(config)# no port-security (port-list) mac-address (MAC Address)
E.g.: (config)# port-security 20 address-limit 2
(config)# no port-security 20 mac-address 001f3c-1d7adb
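The two command forms above, generated from an allow-list, as an added example (not code from the original post): the Python helper normalizes MACs written in colon, dot or bare-hex notation to the xxxxxx-xxxxxx form used in the commands and refuses an address-limit smaller than the list. Function names and the extra sample MAC addresses are assumptions made for illustration; the commands are only produced as text.

```python
import re

def to_procurve_mac(mac):
    """Normalize colon, dash, dot or bare-hex notation to xxxxxx-xxxxxx."""
    digits = re.sub(r"[:.\-\s]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return f"{digits[:6]}-{digits[6:]}"

def normalize_unique(macs):
    """Normalize every entry and drop duplicates, keeping the original order."""
    seen = []
    for m in map(to_procurve_mac, macs):
        if m not in seen:
            seen.append(m)
    return seen

def lock_port(port, macs, address_limit=None):
    """Build the 'learn-mode configured ... action send-disable' command."""
    allowed = normalize_unique(macs)
    if not allowed:
        raise ValueError("configured mode needs at least one authorized MAC")
    limit = len(allowed) if address_limit is None else address_limit
    if limit < len(allowed):
        raise ValueError(f"address-limit {limit} is below the {len(allowed)} MACs listed")
    return (f"port-security {port} learn-mode configured address-limit {limit} "
            f"mac-address {' '.join(allowed)} action send-disable")

def remove_macs(port, current, to_remove):
    """Build the removal pair in the order shown above: new limit, then each MAC."""
    current, gone = normalize_unique(current), normalize_unique(to_remove)
    missing = [m for m in gone if m not in current]
    if missing:
        raise ValueError(f"not authorized on port {port}: {missing}")
    remaining = len(current) - len(gone)
    if remaining < 1:  # assumption: an address-limit of 0 is not accepted
        raise ValueError("removal would leave the port with no authorized MAC")
    return ([f"port-security {port} address-limit {remaining}"] +
            [f"no port-security {port} mac-address {m}" for m in gone])

if __name__ == "__main__":
    # Constructed inventory: the first two MACs are made up for this example.
    inventory = ["00:1F:3C:1D:7A:01", "001f.3c1d.7a02", "001f3c-1d7adb"]
    print(lock_port(20, inventory))
    print("\n".join(remove_macs(20, inventory, ["00:1f:3c:1d:7a:db"])))
```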
After assigning port security, if you plug in any PC whose MAC address is not in the
port list, the network port will be locked and cannot be accessed until that port is re-enabled.
How to unlock the port
Command:
(config)# interface ethernet (Port-List)
(eth-Port no)# disable
(eth-Port no)# enable
E.g.: (config)# interface ethernet 20
(eth-20)# disable
(eth-20)# enable
Port security has the following control parameters:
· Action: Used when a port detects an intruder. Specifies whether to send an SNMP trap to a network management station and whether to disable the port.
· Address Limit: Sets the number of authorized MAC addresses allowed on the port.
· Learn-Mode: Specifies how the port acquires authorized addresses.
  · Continuous: Allows the port to learn addresses from inbound traffic from any connected device. This is the default setting.
  · Limited-Continuous: Sets a finite limit (1 – 32) to the number of learned addresses allowed per port.
  · Static: Enables the user to set a fixed limit on the number of MAC addresses authorized for the port and to also specify some or all of the authorized addresses. (If only some of the authorized addresses are specified, the port learns the remaining authorized addresses from the traffic received from connected devices.)
  · Configured: Requires the explicit configuration of all MAC addresses authorized for the port. The port is not allowed to learn addresses from inbound traffic.