Port Security
show port security

\[command]

```
show port security [{ethernet|link aggregation}] [interface num|lag id]
```

\[purpose] Display port security configuration.

\[view] System view

```
sonic# show port security
interface        port security  sticky mac  max secure addr  violation action
ethernet1        enable         enable      1                restrict
portchannel0020  enable         enable      1                restrict
```

show port security address

\[command]

```
show port security address [{ethernet|link aggregation}] [interface num|lag id]
```

\[purpose] Display specific security MAC information.

\[view] System view

```
sonic# show port security address ethernet 1
no  vlan     mac address        port       type
1   vlan100  00 00 01 02 03 04  ethernet1  static
total number of entries 1
```

port security enable

\[command]

```
port security enable
no port security enable
```

\[purpose] Enable the port security function.

\[view] Interface view

\[comment] Before enabling port security, you need to add the interface to a VLAN first.

```
sonic# configure
sonic(config)# interface ethernet 1
sonic(config if 1)# port security enable
```

port security address

\[command]

```
port security address nn nn nn nn nn nn vlan vlan id
no port security address nn nn nn nn nn nn vlan vlan id
```

\[purpose] Configure a static security MAC address.

\[view] Interface view

\[comment] Before configuring a static security MAC address, you need to enable the port security function first.

```
sonic# configure
sonic(config)# interface ethernet 1
sonic(config if 1)# port security address 00 00 01 02 03 05 vlan 100
```

port security maximum

\[command]

```
port security maximum max num
no port security maximum
```

\[purpose] Configure the maximum limit of secure MAC addresses for the interface. The default value is 1. Static secure MAC addresses, dynamic secure MAC addresses, and sticky MAC addresses share this maximum limit.

\[view] Interface view

```
sonic# configure
sonic(config)# interface ethernet 1
sonic(config if 1)# port security maximum 10
```

port security sticky

\[command]

```
port security sticky
no port security sticky
```

\[purpose] Enable the sticky MAC function.

\[view] Interface view

```
sonic# configure
sonic(config)# interface ethernet 1
sonic(config if 1)# port security sticky
```

port security violation

\[command]

```
port security violation {protect|restrict|shutdown}
no port security violation
```

\[purpose] Configure security MAC protection actions. When the number of security MAC addresses reaches the set maximum, the default protection action is "restrict".

\[view] Interface view

```
sonic# configure
sonic(config)# interface ethernet 1
sonic(config if 1)# port security violation protect
```

clear port security address

\[command]

```
clear port security address [ethernet|link aggregation] [interface num|lag id]
clear port security address [static|dynamic|sticky]
```

\[purpose] Delete entries from the security MAC table.

\[view] System view

```
sonic# clear port security address
```

mac learning priority

\[command]

```
mac learning priority {low|high}
no mac learning priority
```

\[purpose] Configure the learning priority for MAC. The default is low. FDBs learned from high priority interfaces are not allowed to drift to low priority interfaces; FDBs learned from low priority interfaces are allowed to drift to high priority interfaces.

\[view] Interface view

```
sonic# configure
sonic(config)# interface ethernet 1
sonic(config if 1)# mac learning priority high
```

mac learning group

\[command]

```
mac learning group group id
no mac learning group
```

\[purpose] Configure MAC learning groups, allowing MAC migration between interfaces within the same learning group.

\[view] Interface view

```
sonic# configure
sonic(config)# interface ethernet 1
sonic(config if 1)# mac learning group 10
```

show mac learning priority

\[command]

```
show mac learning priority [{ethernet|link aggregation}] [interface num|lag id]
```

\[purpose] Displays MAC learning priority configuration.

\[view] System view

```
sonic# show mac learning priority ethernet 5
interface  priority
ethernet5  low
```

show mac learning group

\[command]

```
show mac learning group [{ethernet|link aggregation}] [interface num|lag id]
```

\[purpose] Displays MAC learning group configuration.

\[view] System view

```
sonic# show mac learning group ethernet 6
interface  group id
ethernet6  0
```
