An IP address serves two main functions: network interface identification and location addressing. Port security can be configured on access ports or trunk ports.Numerical label used to identify a network interface in an IP networkĪn Internet Protocol address ( IP address) is a numerical label such as 192.0.2.1 that is connected to a computer network that uses the Internet Protocol for communication. Further, if you use copy running-config startup-config the learned MAC addresses will be saved and will be preserved across a switch reboot. This gives a dynamically learned MAC address many of the same benefits as a statically defined address. The idea of a “sticky” MAC address is that if a port that has port security enabled dynamically learns a MAC address, and the port is configured to allow learned MAC addresses (and it is under its maximum allowed MAC addresses for that port), the switch can remember the learned MAC address, even during a link-down condition. When a device attempts to send traffic towards a secure port that does not match the allowed MAC address list, a security violation occurs and the deafult action is for the port to enter an errDisabled state with a cause of “psecure-violation”. These learned MAC addresses can be set to age out after a set period of time.Īfter you define allowed static MAC addresses, or port-security learns its allowed dynamically learned MAC address, the secured port will no longer forward ingress traffic outside of the defined address range. You can also place a limit on the maximum number of unique MAC addresses that can be learned from a port. These MAC addresses can be dynamically learned or statically defined. Port Security is used to limit the authorized users of a port to particular MAC addresses. IPv6 First Hop Security - ND Inspection / Snooping.IPv6 First Hop Security - Device Tracking.IPv6 First Hop Security - Binding Table.Filtering Traffic with Policy-Based Routing.Filtering Traffic with Time-Based Access-Lists.Filtering Packets with Dynamic Access-Lists.Traffic Filtering Using Reflexive Access-Lists.Traffic Filtering Using Extended Access-Lists.
Traffic Filtering Using Standard Access-Lists.
0 kommentar(er)
