Cisco Nexus 7000 Series Command Reference Manual page 713

S Commands
After 100 security violations occur, the device disables learning on the interface and drops all ingress traffic
from nonsecure MAC addresses. In addition, the device generates an SNMP trap for each security violation.
• Protect—Prevents further violations from occurring. The address that triggered the security violation is
If a violation occurs because ingress traffic from a secure MAC address arrives at a different interface than
the interface on which the address is secure, the device applies the action on the interface that received the
traffic.
This command does not require a license.
Examples This example shows how to configure an interface to respond to a security violation event with the protect
action:
switch# configure terminal
switch(config)# interface ethernet 2/1
switch(config-if)# switchport port-security violation protect
switch(config-if)#
Related Commands
Command
feature port-security
show port-security
switchport port-security
switchport port-security aging time
switchport port-security aging type
switchport port-security mac-address
switchport port-security mac-address sticky
switchport port-security maximum
learned but any traffic from the address is dropped. Further address learning stops.
switchport port-security violation
Description
Enables port security globally.
Shows information about port security.
Enables port security on a Layer 2 interface.
Configures the aging time for dynamically learned,
secure MAC addresses.
Configures the aging type for dynamically learned,
secure MAC addresses.
Configures a static MAC address.
Enables the sticky method for learning secure MAC
addresses.
Configures an interface or a VLAN maximum for
secured MAC addresses on an interface.
Cisco Nexus 7000 Series Security Command Reference
687