MAC to Port Mapping

Don't allow any MAC addresses other than those mapped to pass traffic.

Static = Static MAC-to-port mapping
Dynamic = Learn the MAC and map it to the port, then don't allow any other MAC addresses; one or more may be learned, depending on the setting. The dynamic mapping can age out.
Sticky = Same as dynamic, but stores the mapping in NVRAM (think after reboot)

Violations

Shutdown = Shuts down the port
Restrict = Drops traffic from any other MAC addresses
Protect = Same as Restrict, but will learn the MAC address of the first violator and will log the violator, but will not learn any other MACs. It will still drop the traffic. This SHOULD be the setting used in ISE deployments.

Configure port security only on L2 interfaces

Access Ports: You can configure port security on interfaces that you have configured as L2 access ports.
Trunk Ports: You can configure port security on interfaces that you have configured as L2 trunk ports. VLAN maximums are allowed only for VLANs associated with the trunk port.
SPAN Ports: You can configure port security on SPAN SRC ports, but not on SPAN DEST ports.
Ethernet Port-Channels: You can configure port security on L2 Ethernet port-channels in either access mode or trunk mode.
Virtual Port-Channels: Port security is supported on orphan ports, switch virtual port-channels (vPCs), straight-through vPCs, active-active vPCs, and enhanced L2 vPCs.
Fabric Extender (FEX) Ports: Port security is supported on GEM (generic expansion module) and FEX ports.
Private VLAN Enabled Ports: Port security is supported on ports that are enabled as private VLAN ports.
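
An added example, not part of the original notes: a small Python audit that reads interface stanzas and reports, per port, whether port security is on, which mapping type is in use (static, dynamic or sticky) and which violation mode applies. The sample config is constructed; the defaults (maximum 1, violation shutdown) and the rule that a port counts as L2 unless it says `no switchport` are assumptions.

```python
import re

# Constructed sample running-config; interface names and values are illustrative.
SAMPLE_CONFIG = """\
interface Ethernet1/1
  switchport mode access
  switchport port-security
  switchport port-security maximum 2
  switchport port-security mac-address sticky
  switchport port-security violation restrict
interface Ethernet1/2
  switchport mode access
interface Ethernet1/3
  switchport mode trunk
  switchport port-security
  switchport port-security mac-address 0000.1111.2222
interface Ethernet1/4
  no switchport
  switchport port-security
"""

def parse_interfaces(config):
    """Split a running-config into {interface name: [stanza lines]}."""
    ports, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            ports[current] = []
        elif current and line.strip():
            ports[current].append(line.strip())
    return ports

def audit_port(lines):
    """Return (status, detail); absent settings use assumed defaults (maximum 1, shutdown)."""
    prefix = "switchport port-security"
    enabled = prefix in lines
    if "no switchport" in lines:  # assumption: a port is L2 unless it says "no switchport"
        return ("misconfigured", "port security on a non-L2 port") if enabled else ("n/a", "routed port")
    if not enabled:
        return ("unprotected", "any MAC address can pass traffic")
    opts = dict(re.findall(r"^%s (maximum|violation) (\S+)$" % prefix, "\n".join(lines), re.M))
    # "mac-address sticky" means sticky learning; any other mac-address line is a static mapping.
    macs = [l.rsplit(None, 1)[1] for l in lines if l.startswith(prefix + " mac-address ")]
    learning = "sticky" if "sticky" in macs else "static" if macs else "dynamic"
    return ("protected", "%s, maximum %s, violation %s" % (
        learning, opts.get("maximum", "1"), opts.get("violation", "shutdown")))

def audit(config=SAMPLE_CONFIG):
    """Audit every interface stanza in the config text."""
    return {name: audit_port(lines) for name, lines in parse_interfaces(config).items()}
```

Calling `audit()` on the sample returns one (status, detail) pair per interface; pass your own config text to check real stanzas.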