hit counter script

Security Violations - Cisco Catalyst 2928 Software Configuration Manual

Ios release 12.2(55)ez
Table of Contents

Advertisement

Configuring Port Security

Security Violations

It is a security violation when one of these situations occurs:
You can configure the interface for one of four violation modes, based on the action to be taken if a
violation occurs:
Table 22-1
security.
Table 22-1
Security Violation Mode Actions
Traffic is
Violation Mode
forwarded
protect
No
restrict
No
shutdown
No
shutdown vlan
No
1. Packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses.
2. The switch returns an error message if you manually configure an address that would cause a security violation.
3. Shuts down only the VLAN on which the violation occurred.
Catalyst 2928 Switch Software Configuration Guide
22-10
The maximum number of secure MAC addresses have been added to the address table, and a station
whose MAC address is not in the address table attempts to access the interface.
An address learned or configured on one secure interface is seen on another secure interface in the
same VLAN.
protect—When the number of secure MAC addresses reaches the maximum limit allowed on the
port, packets with unknown source addresses are dropped until you remove a sufficient number of
secure MAC addresses to drop below the maximum value or increase the number of maximum
allowable addresses. You are not notified that a security violation has occurred.
Note
We do not recommend configuring the protect violation mode on a trunk port. The protect
mode disables learning when any VLAN reaches its maximum limit, even if the port has not
reached its maximum limit.
restrict—When the number of secure MAC addresses reaches the maximum limit allowed on the
port, packets with unknown source addresses are dropped until you remove a sufficient number of
secure MAC addresses to drop below the maximum value or increase the number of maximum
allowable addresses. In this mode, you are notified that a security violation has occurred. An SNMP
trap is sent, a syslog message is logged, and the violation counter increments.
shutdown—A port security violation causes the interface to become error-disabled and to shut down
immediately, and the port LED turns off. An SNMP trap is sent, a syslog message is logged, and the
violation counter increments. When a secure port is in the error-disabled state, you can bring it out
of this state by entering the errdisable recovery cause psecure-violation global configuration
command, or you can manually re-enable it by entering the shutdown and no shut down interface
configuration commands. This is the default mode.
shutdown vlan—Use to set the security violation mode per-VLAN. In this mode, the VLAN is error
disabled instead of the entire port when a violation occurs
shows the violation mode and the actions taken when you configure an interface for port
Sends SNMP
1
trap
No
Yes
Yes
Yes
Sends syslog
Displays error
message
message
No
No
Yes
No
Yes
No
Yes
No
Chapter 22
Configuring Port-Based Traffic Control
Violation
counter
2
increments
No
Yes
Yes
Yes
Shuts down port
No
No
Yes
3
No
OL-23389-01

Advertisement

Table of Contents
loading

Table of Contents