Port Security
show port security

\[command]

```
show port security [{ethernet|link aggregation}] [interface num|lag id]
```

\[purpose] Display port security configuration.

\[parameter]

| Parameter | Description |
|---|---|
| interface num | Ethernet name |
| lag id | Aggregate group ID, range 1-9999 |

\[view] System view

```
sonic# show port security
interface        port security  sticky mac  max secure addr  violation action
---------------  -------------  ----------  ---------------  ----------------
ethernet1        enable         enable      1                restrict
portchannel0020  enable         enable      1                restrict
```

show port security address

\[command]

```
show port security address [{ethernet|link aggregation}] [interface num|lag id]
```

\[purpose] Display specific security MAC information.

\[parameter]

| Parameter | Description |
|---|---|
| interface num | Ethernet name |
| lag id | Aggregate group ID, range 1-9999 |

\[view] System view

```
sonic# show port security address ethernet 1
no  vlan     mac address        port       type
--  -------  -----------------  ---------  ------
1   vlan100  00 00 01 02 03 04  ethernet1  static
total number of entries 1
```

port security enable

\[command]

```
port security enable
no port security enable
```

\[purpose] Enable the port security function.

\[view] Interface view

\[comment] Before enabling port security, you need to add the interface to a VLAN first.

```
sonic# configure
sonic(config)# interface ethernet 1
sonic(config if 1)# port security enable
```

port security address

\[command]

```
port security address nn nn nn nn nn nn vlan vlan id
no port security address nn nn nn nn nn nn vlan vlan id
```

\[purpose] Configure a static security MAC address.

\[view] Interface view

\[comment] Before configuring a static security MAC address, you need to enable the port security function first.

```
sonic# configure
sonic(config)# interface ethernet 1
sonic(config if 1)# port security address 00 00 01 02 03 05 vlan 100
```

port security maximum

\[command]

```
port security maximum max num
no port security maximum
```

\[purpose] Configure the maximum limit of secure MAC addresses for the interface. The default value is 1. Static secure MAC addresses, dynamic secure MAC addresses, and sticky MAC addresses share this maximum limit.

\[parameter]

| Parameter | Description |
|---|---|
| max num | The maximum number of interface security MAC addresses, ranging from 1 to 1024 |

\[view] Interface view

```
sonic# configure
sonic(config)# interface ethernet 1
sonic(config if 1)# port security maximum 10
```

port security sticky

\[command]

```
port security sticky
no port security sticky
```

\[purpose] Enable the sticky MAC function.

\[view] Interface view

```
sonic# configure
sonic(config)# interface ethernet 1
sonic(config if 1)# port security sticky
```

port security violation

\[command]

```
port security violation {protect|restrict|shutdown}
no port security violation
```

\[purpose] Configure the security MAC protection action taken when the number of security MAC addresses reaches the set maximum. The default protection action is "restrict".

\[parameter]

| Parameter | Description |
|---|---|
| protect | Discard packets with source addresses not in the MAC table |
| restrict | Discard packets with source addresses not in the MAC table and issue an alert |
| shutdown | The interface performs a shutdown operation and issues an alert |

\[view] Interface view

```
sonic# configure
sonic(config)# interface ethernet 1
sonic(config if 1)# port security violation protect
```

clear port security address

\[command]

```
clear port security address [ethernet|link aggregation] [interface num|lag id]
clear port security address [static|dynamic|sticky]
```

\[purpose] Delete entries from the security MAC table.

\[parameter]

| Parameter | Description |
|---|---|
| interface num | Ethernet name |
| lag id | Aggregate group ID, range 1-9999 |
| static | Static security MAC address |
| dynamic | Dynamic security MAC address |
| sticky | Sticky security MAC address |

\[view] System view

```
sonic# clear port security address
```

mac learning priority

\[command]

```
mac learning priority {low|high}
no mac learning priority
```

\[purpose] Configure the learning priority for MAC. The default is low. FDBs learned from high priority interfaces are not allowed to drift to low priority interfaces; FDBs learned from low priority interfaces are allowed to drift to high priority interfaces.

\[view] Interface view

```
sonic# configure
sonic(config)# interface ethernet 1
sonic(config if 1)# mac learning priority high
```

mac learning group

\[command]

```
mac learning group group id
no mac learning group
```

\[purpose] Configure MAC learning groups, allowing MAC migration between interfaces within the same learning group.

\[parameter]

| Parameter | Description |
|---|---|
| group id | MAC learning group name, range 0-15, default 0 |

\[view] Interface view

```
sonic# configure
sonic(config)# interface ethernet 1
sonic(config if 1)# mac learning group 10
```

show mac learning priority

\[command]

```
show mac learning priority [{ethernet|link aggregation}] [interface num|lag id]
```

\[purpose] Display the MAC learning priority configuration.

\[parameter]

| Parameter | Description |
|---|---|
| interface num | Ethernet name |
| lag id | Aggregate group ID, range 1-9999 |

\[view] System view

```
sonic# show mac learning priority ethernet 5
interface  priority
---------  --------
ethernet5  low
```

show mac learning group

\[command]

```
show mac learning group [{ethernet|link aggregation}] [interface num|lag id]
```

\[purpose] Display the MAC learning group configuration.

\[parameter]

| Parameter | Description |
|---|---|
| interface num | Ethernet name |
| lag id | Aggregate group ID, range 1-9999 |

\[view] System view

```
sonic# show mac learning group ethernet 6
interface  group id
---------  --------
ethernet6  0
```
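
How the shared limit from the port security maximum entry and the three actions from the port security violation entry interact, as an added example that is not part of the original reference or the switch's own code: a Python model in which static, dynamic and sticky entries draw on one limit and an unknown source MAC on a full table triggers the configured action. The class and function names, the constructed MAC addresses, refusing a static entry on a full table, and dropping all traffic after a shutdown are assumptions of the model.

```python
from dataclasses import dataclass, field

ACTIONS = ("protect", "restrict", "shutdown")


@dataclass
class SecurePort:
    """Model of one interface with port security enabled (not vendor code)."""
    maximum: int = 1              # default limit stated in the reference
    violation: str = "restrict"   # default action stated in the reference
    sticky: bool = False
    up: bool = True
    table: dict = field(default_factory=dict)   # MAC -> static|dynamic|sticky
    alerts: list = field(default_factory=list)

    def __post_init__(self):
        if not 1 <= self.maximum <= 1024:
            raise ValueError("maximum must be in 1..1024")
        if self.violation not in ACTIONS:
            raise ValueError(f"unknown violation action: {self.violation}")

    def add_static(self, mac: str) -> None:
        # Static entries consume the same budget as learned entries.
        # Assumption: a static entry is refused once the table is full.
        if mac not in self.table and len(self.table) >= self.maximum:
            raise ValueError("secure MAC limit reached")
        self.table[mac] = "static"

    def receive(self, src_mac: str) -> str:
        """Return 'forward' or 'drop' for a frame with this source MAC."""
        if not self.up:
            return "drop"             # assumption: a shut port passes nothing
        if src_mac in self.table:
            return "forward"
        if len(self.table) < self.maximum:
            self.table[src_mac] = "sticky" if self.sticky else "dynamic"
            return "forward"
        # Table full and source unknown: apply the violation action.
        if self.violation in ("restrict", "shutdown"):
            self.alerts.append(f"violation on unknown source {src_mac}")
        if self.violation == "shutdown":
            self.up = False
        return "drop"


def demo(action: str) -> tuple:
    """Constructed scenario: limit 2, one static entry, three hosts appear."""
    port = SecurePort(maximum=2, violation=action)
    port.add_static("00:00:5e:00:53:01")            # constructed addresses
    verdicts = [port.receive(m) for m in
                ("00:00:5e:00:53:02", "00:00:5e:00:53:03", "00:00:5e:00:53:01")]
    return verdicts, len(port.alerts), port.up
```

Calling `demo` with each action shows the operational difference: `protect` drops the third host without any alert, so only `restrict` and `shutdown` leave something for monitoring to pick up.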
