Difference between protect/restrict port security violation action?

Hi all,

I've read the documentation, but found the explanations a bit vague. Could someone please explain the difference between these two?

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/12_1e/comref/s1.htm#wp1184020

Thanks.

Accepted Solutions

Re: Difference between protect/restrict port security violation

Only difference is that security violation counters are incremented in restrict, while they are not incremented in protect.

So each time a violation occurs and you do a show port-security on that port:

    Switch# show port-security interface fastethernet0/1
    Port Security: Enabled
    Port status: SecureUp
    Violation mode: Shutdown
    Maximum MAC Addresses :50
    Total MAC Addresses: 11
    Configured MAC Addresses: 0
    Sticky MAC Addresses :11
    Aging time: 20 mins
    Aging type: Inactivity
    SecureStatic address aging: Enabled
    Security Violation count: 0

The counter above in bold will be incremented when restrict is configured, and will not increment if protect is configured.

Either way, the packets from the insecure hosts will be dropped if a violation occurs.

HTH

Sankar.

6 REPLIES

Re: Difference between protect/restrict port security violation

Clear!

Thanks Sankar..

Re: Difference between protect/restrict port security violation

Sankar... if I may, do you know what the point is of increasing the security violation count? IMHO, this is only a cosmetic difference. Is that correct?

Thanks,

Marcel

Re: Difference between protect/restrict port security violation

I think it's only used for statistics.

Re: Difference between protect/restrict port security violation

It also determines whether you can get a syslog message and SNMP trap for the event.

http://www.cisco.com/en/US/products/hw/switches/ps646/products_command_reference_chapter09186a008021145b.html#wp3062358

Kevin Dorrell

Luxembourg
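
As an added example (not part of any post in this thread), the Python sketch below audits `show port-security interface` output in the layout quoted above and flags ports in protect mode, where, as the replies note, the violation counter stays at zero. The sample outputs, interface names and the helper names `parse`, `audit` and `audit_all` are constructed for illustration.

```python
import re

# Constructed samples in the 'show port-security interface' layout quoted in
# the thread; interface names and values are made up for illustration.
SAMPLES = {
    "fastethernet0/1": "Port Security: Enabled\nViolation mode: Restrict\n"
                       "Maximum MAC Addresses :50\nSecurity Violation count: 7\n",
    "fastethernet0/2": "Port Security: Enabled\nViolation mode: Protect\n"
                       "Maximum MAC Addresses :1\nSecurity Violation count: 0\n",
    "fastethernet0/3": "Port Security: Enabled\nViolation mode: Restrict\n"
                       "Maximum MAC Addresses :1\nSecurity Violation count: 0\n",
}

# Accepts both 'Key: value' and 'Key :value', as both appear in the output.
FIELD = re.compile(r"^\s*([^:]+?)\s*:\s*(.*?)\s*$")

def parse(text):
    """Map each field name (lowercased) to its value string."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            fields[m.group(1).lower()] = m.group(2)
    return fields

def audit(name, text):
    """Return findings for one interface (hypothetical helper)."""
    f = parse(text)
    if f.get("port security", "").lower() != "enabled":
        return [f"{name}: port security is not enabled"]
    mode = f.get("violation mode", "").lower()
    count_text = f.get("security violation count", "")
    count = int(count_text) if count_text.isdigit() else 0
    if mode == "protect":
        # Per the thread: frames are dropped but the counter never moves,
        # so a zero here says nothing about whether violations occurred.
        return [f"{name}: protect mode, violation count is not meaningful"]
    if count > 0:
        return [f"{name}: {count} violations counted in {mode} mode"]
    return []

def audit_all(samples):
    """Collect findings across every interface in the mapping."""
    return [finding for n, t in samples.items() for finding in audit(n, t)]

if __name__ == "__main__":
    print("\n".join(audit_all(SAMPLES)))
```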

Re: Difference between protect/restrict port security violation

OK.

I'll just stop thinking about it and store it in memory ;-)

Thanks for your replies, both.

Marcel
