Catalyst 2950 Desktop Switch Software Configuration Guide
78-14982-01
Chapter 18      Configuring Port-Based Traffic Control
Configuring Port Security
To return the interface to its default condition (not a secure port), use the no switchport port-security 
interface configuration command. If you enter this command when sticky learning is enabled, the sticky 
secure addresses remain part of the running configuration but are removed from the address table. The 
addresses that were removed can be dynamically reconfigured and added to the address table as dynamic 
addresses.
To return the interface to the default number of secure MAC addresses, use the no switchport 
port-security maximum value interface configuration command.
To return the violation mode to the default condition (shutdown mode), use the no switchport 
port-security violation {protect | restrict} interface configuration command.
To disable sticky learning on an interface, use the no switchport port-security mac-address sticky 
interface configuration command. The interface converts the sticky secure MAC addresses to dynamic 
secure addresses. 
To delete a static secure MAC address from the address table, use the no switchport port-security 
mac-address mac-address interface configuration command. 
To delete a dynamic secure MAC address from the address table, use the clear port-security dynamic 
address mac-addr privileged EXEC command. To delete all the dynamic addresses on an interface, use 
the clear port-security dynamic interface interface-id privileged EXEC command.
To delete sticky secure MAC addresses from the address table, disable sticky learning, which converts 
the sticky secure MAC addresses to dynamic secure addresses. Use the no switchport port-security 
mac-address sticky interface configuration command. Delete dynamic secure addresses on an interface 
by using the clear port-security dynamic interface interface-id privileged EXEC command. To delete 
a dynamic secure MAC address, use the clear port-security dynamic address mac-addr privileged 
EXEC command. 
This example shows how to enable port security on Fast Ethernet port 1 and to set the maximum number 
of secure addresses to 50. The violation mode is the default, no static secure MAC addresses are 
configured, and sticky learning is enabled.
Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# interface fastethernet0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 50
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# end
Switch# show port-security interface fastethernet0/1
Port Security: Enabled
Port status: SecureUp
Violation mode: Shutdown
Maximum MAC Addresses :50
Total MAC Addresses: 11
Configured MAC Addresses: 0
Sticky MAC Addresses :11
Aging time: 20 mins
Aging type: Inactivity
SecureStatic address aging: Enabled
Security Violation count: 0
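
The following is an added example, not part of the Cisco guide: a small Python check that parses the show port-security interface output above and flags conditions an operator would want to review. The function names and the 90 percent fill threshold are assumptions of this example.

```python
import re

# Output copied from the example above (Fast Ethernet port 1).
SAMPLE = """\
Port Security: Enabled
Port status: SecureUp
Violation mode: Shutdown
Maximum MAC Addresses :50
Total MAC Addresses: 11
Configured MAC Addresses: 0
Sticky MAC Addresses :11
Aging time: 20 mins
Aging type: Inactivity
SecureStatic address aging: Enabled
Security Violation count: 0
"""

def parse_port_security(text):
    """Turn 'show port-security interface' output into a dict of fields."""
    fields = {}
    for line in text.splitlines():
        # Separator spacing varies ("Addresses :50" vs "Addresses: 11").
        m = re.match(r"\s*(.+?)\s*:\s*(.*?)\s*$", line)
        if m:
            fields[m.group(1).lower()] = m.group(2)
    return fields

def audit(fields, fill_ratio=0.9):
    """Return a list of findings; fill_ratio is an assumed review threshold."""
    if fields.get("port security", "").lower() != "enabled":
        return ["port security is not enabled"]
    findings = []
    maximum = int(fields["maximum mac addresses"])
    total = int(fields["total mac addresses"])
    violations = int(fields["security violation count"])
    if violations > 0:
        findings.append("%d security violation(s) recorded" % violations)
    if fields["port status"].lower() != "secureup":
        findings.append("port status is %s" % fields["port status"])
    if total >= fill_ratio * maximum:
        # A nearly full table means the next new host triggers the violation mode.
        findings.append("secure address table near maximum (%d/%d)" % (total, maximum))
    return findings

if __name__ == "__main__":
    print(audit(parse_port_security(SAMPLE)) or "no findings")
```
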