Static secure MAC
- Statically configure MAC address are statically entered by an administrator.
- Static MAC are stored in the MAC address table even after reboot.
- This type of secure MAC address can produce the most administrative over head
- These MAC addresses are dynamically learned
- It is also stored in the MAC address Table.
- Needs to be relearned after reboot
- Less administrative overhead
- A mixture of static and dynamic
- Can be learned or statically entered
- Can be saved even after reboot
- Least administrative effort
There are four Port Security Actions that can be taken if a device is connected to a secure port which violates the settings
Protect
- Protect mode simply discards all unicast or multicast frames with unknown source MAC address (MAC not assign to port)
- No alert is ever sent so an administrator would never know the port ever entered this mode
- Shuts down the port, sends it into an err-disable state
- Sends out an SNMP and syslog message
- Drops packet with unknown MAC addresses when the MAC address reaches a admin set maximum
- Normally used with dynamic and an allowed amount of MAC address
- Can be useful when you want to simply control how many devices can connect to a single port
- Sends out SNMP and syslog
- Similar to Shutdown, shutdown a VLAN instead of an port not covered in CCNA
No comments:
Post a Comment