Cisco Nexus 7000 Series Command Reference Manual page 712

switchport port-security violation
Usage Guidelines
The default security violation action is to shut down the interface.
You must enable port security by using the feature port-security command before you can use the switchport
port-security violation command.
Before using this command, you must use the switchport command to configure the interface to operate as
a Layer 2 interface.
Port security triggers security violations when either of the two following events occurs:
• Ingress traffic arrives at an interface from a nonsecure MAC address and learning the address would
exceed the applicable maximum number of secure MAC addresses.
When an interface has both a VLAN maximum and an interface maximum configured, a violation occurs
when either maximum is exceeded. For example, consider the following on a single interface configured with
port security:
◦ VLAN 1 has a maximum of 5 addresses
◦ The interface has a maximum of 10 addresses
The device detects a violation when any of the following occurs:
◦ The device has learned five addresses for VLAN 1 and inbound traffic from a sixth address arrives
at the interface in VLAN 1.
◦ The device has learned 10 addresses on the interface and inbound traffic from an 11th address
arrives at the interface.
• Ingress traffic from a secure MAC address arrives at a different interface in the same VLAN as the
interface on which the address is secured.
Note
After a secure MAC address is configured or learned on one secure port, the sequence of events that occurs
when port security detects that secure MAC address on a different port in the same VLAN is known as a
MAC move violation.
When a security violation occurs, the device takes the action specified by the port security configuration of
the applicable interface. The possible actions are as follows:
• Shutdown—Shuts down the interface that received the packet triggering the violation. The interface is
error disabled. This action is the default. After you reenable the interface, it retains its port security
configuration, including its secure MAC addresses.
You can use the errdisable global configuration command to configure the device to reenable the interface
automatically if a shutdown occurs, or you can manually reenable the interface by entering the shutdown and
no shutdown interface configuration commands.
• Restrict—Drops ingress traffic from any nonsecure MAC addresses. Address learning continues until
100 security violations have occurred on the interface. Traffic from addresses learned after the first
security violation is dropped.
Cisco Nexus 7000 Series Security Command Reference
686
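The violation conditions described above (VLAN maximum, interface maximum, MAC move), written as a simplified Python model. This is an added example, not Cisco code and not part of the manual; the class, function and interface names and the MAC addresses are constructed for illustration, and it models detection only, not the shutdown or restrict actions.

```python
from collections import defaultdict


class SecurePort:
    """One Layer 2 interface with port security enabled (simplified model)."""

    def __init__(self, name, if_max, vlan_max=None):
        self.name = name
        self.if_max = if_max                # interface maximum
        self.vlan_max = vlan_max or {}      # per-VLAN maximums, e.g. {1: 5}
        self.secure = defaultdict(set)      # VLAN -> secure MAC addresses

    def count(self):
        return sum(len(macs) for macs in self.secure.values())


def classify_ingress(ports, port, vlan, mac):
    """Return 'forward', 'learned', or the kind of violation detected."""
    if mac in port.secure[vlan]:
        return "forward"
    # MAC move: the address is already secured on another port in this VLAN.
    for other in ports:
        if other is not port and mac in other.secure.get(vlan, ()):
            return "violation: mac-move"
    # Learning would exceed a maximum; exceeding either one is a violation.
    limit = port.vlan_max.get(vlan)
    if limit is not None and len(port.secure[vlan]) >= limit:
        return "violation: vlan-maximum"
    if port.count() >= port.if_max:
        return "violation: interface-maximum"
    port.secure[vlan].add(mac)
    return "learned"


def demo():
    # Constructed traffic using the manual's example maximums (5 per VLAN 1, 10 per interface).
    eth1 = SecurePort("Ethernet2/1", if_max=10, vlan_max={1: 5})
    eth2 = SecurePort("Ethernet2/2", if_max=10)
    ports, results = [eth1, eth2], []
    for i in range(5):                      # five addresses learned in VLAN 1
        classify_ingress(ports, eth1, 1, f"00:00:5e:00:53:{i:02x}")
    results.append(classify_ingress(ports, eth1, 1, "00:00:5e:00:53:aa"))  # sixth in VLAN 1
    for i in range(5):                      # five more in VLAN 2, ten in total
        classify_ingress(ports, eth1, 2, f"00:00:5e:00:53:{0x10 + i:02x}")
    results.append(classify_ingress(ports, eth1, 2, "00:00:5e:00:53:bb"))  # 11th on interface
    results.append(classify_ingress(ports, eth2, 1, "00:00:5e:00:53:00"))  # secured on eth1
    return results


if __name__ == "__main__":
    print(demo())
```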
S Commands