Alcatel Carrier Internetworking Solutions 6300-24 Manuale Utente
Configuring the Switch
3-52
3
CLI – This example enables SSH, sets the authentication parameters, and displays
the current configuration. It shows that the administrator has made a connection via
SHH, and then disables this connection.
the current configuration. It shows that the administrator has made a connection via
SHH, and then disables this connection.
Configuring Port Security
Port security is a feature that allows you to configure a switch port with one or more
device MAC addresses that are authorized to access the network through that port.
device MAC addresses that are authorized to access the network through that port.
When port security is enabled on a port, the switch stops learning new MAC
addresses on the specified port. Only incoming traffic with source addresses already
stored in the dynamic or static address table will be accepted as authorized to
access the network through that port. If a device with an unauthorized MAC address
attempts to use the switch port, the intrusion will be detected and the switch can
automatically take action by disabling the port and sending a trap message.
addresses on the specified port. Only incoming traffic with source addresses already
stored in the dynamic or static address table will be accepted as authorized to
access the network through that port. If a device with an unauthorized MAC address
attempts to use the switch port, the intrusion will be detected and the switch can
automatically take action by disabling the port and sending a trap message.
To use port security, first allow the switch to dynamically learn the <source MAC
address, VLAN> pair for frames received on a port for an initial training period, and
then enable port security to stop address learning. Be sure you enable the learning
function long enough to ensure that all valid VLAN members have been registered
on the selected port. Note that you can also restrict the maximum number of
addresses that can be learned by a port.
address, VLAN> pair for frames received on a port for an initial training period, and
then enable port security to stop address learning. Be sure you enable the learning
function long enough to ensure that all valid VLAN members have been registered
on the selected port. Note that you can also restrict the maximum number of
addresses that can be learned by a port.
To add new VLAN members at a later time, you can manually add secure addresses
with the Static Address Table (page 3-100), or turn off port security to reenable the
learning function long enough for new VLAN members to be registered. Learning
may then be disabled again, if desired, for security.
with the Static Address Table (page 3-100), or turn off port security to reenable the
learning function long enough for new VLAN members to be registered. Learning
may then be disabled again, if desired, for security.
Command Usage
• A secure port has the following restrictions:
• A secure port has the following restrictions:
- Cannot use port monitoring.
- Cannot be a multi-VLAN port.
- It cannot be used as a member of a static or dynamic trunk.
- It should not be connected to a network interconnection device.
- Cannot be a multi-VLAN port.
- It cannot be used as a member of a static or dynamic trunk.
- It should not be connected to a network interconnection device.
• If a port is disabled (shut down) due to a security violation, it must be manually
re-enabled from the Port/Port Configuration page (page 3-77).
Console(config)#ip ssh server
Console(config)#ip ssh timeout 100
Console(config)#ip ssh authentication-retries 5
Console(config)#ip ssh server-key size 512
Console(config)#end
Console#show ip ssh
Console#show ip ssh
SSH Enabled - version 2.0
Negotiation timeout: 120 secs; Authentication retries: 3
Server key size: 768 bits
Console#show ssh
Negotiation timeout: 120 secs; Authentication retries: 3
Server key size: 768 bits
Console#show ssh
Connection Version State Username Encryption
0 2.0 Session-Started admin ctos aes128-cbc-hmac-md5
stoc aes128-cbc-hmac-md5
Console#disconnect 0
0 2.0 Session-Started admin ctos aes128-cbc-hmac-md5
stoc aes128-cbc-hmac-md5
Console#disconnect 0
Console#