Software Configuration Guide—Release 12.2(25)EW
OL-6696-01
Chapter 32 Configuring Port Security
Configuring Port Security on an Interface
To restrict traffic through a port by limiting and identifying MAC addresses of the stations allowed to
access the port, perform this task:
Step 1
Command: Switch(config)# interface interface_id
Purpose: Enters interface configuration mode and specifies the physical interface to configure, for example gigabitethernet 3/1.

Step 2
Command: Switch(config-if)# switchport mode access
Purpose: Sets the interface mode as access; an interface in the default mode (dynamic desirable) cannot be configured as a secure port.

Step 3
Command: Switch(config-if)# switchport port-security
Purpose: Enables port security on the interface.

Step 4
Command: Switch(config-if)# switchport port-security maximum value
Purpose: (Optional) Sets the maximum number of secure MAC addresses for the interface. The range is 1 to 3072; the default is 1.

Step 5
Command: Switch(config-if)# switchport port-security violation {restrict | shutdown}
Purpose: (Optional) Sets the violation mode, the action to be taken when a security violation is detected, as one of these:
• restrict—A port security violation restricts data, causes the SecurityViolation counter to increment, and sends an SNMP trap notification.
• shutdown—The interface is error-disabled when a security violation occurs.
Note: When a secure port is in the error-disabled state, you can bring it out of this state by entering the errdisable recovery cause psecure-violation global configuration command, or you can manually reenable it by entering the shutdown and no shutdown interface configuration commands.

Step 6
Command: Switch(config-if)# switchport port-security limit rate invalid-source-mac
Purpose: Sets the rate limit for bad packets.

Step 7
Command: Switch(config-if)# switchport port-security mac-address mac_address
Purpose: (Optional) Enters a secure MAC address for the interface. You can use this command to enter the maximum number of secure MAC addresses. If you configure fewer secure MAC addresses than the maximum, the remaining MAC addresses are dynamically learned.

Step 8
Command: Switch(config-if)# switchport port-security mac-address sticky
Purpose: (Optional) Enables sticky learning on the interface.

Step 9
Command: Switch(config-if)# end
Purpose: Returns to privileged EXEC mode.

Step 10
Command: Switch# show port-security address interface interface_id
Command: Switch# show port-security address
Purpose: Verifies your entries.
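The constraints stated in steps 2, 4, and 7 can be checked on a candidate configuration before it is applied to the switch. The following Python script is an added example, not part of the Cisco guide; the `audit` function, the sample interfaces, and the MAC addresses are constructed for illustration, and it assumes the configuration is written with the full command forms shown in the steps above.

```python
import re

MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"

# Constructed candidate configuration (interfaces and MAC addresses are made up).
SAMPLE = """\
interface GigabitEthernet3/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address 0000.1111.2222
 switchport port-security mac-address 0000.1111.3333
interface GigabitEthernet3/2
 switchport port-security
 switchport port-security maximum 5000
interface GigabitEthernet3/3
 switchport mode access
 switchport port-security
 switchport port-security mac-address 0000.1111.4444
 switchport port-security mac-address 0000.1111.5555
"""

def audit(config):
    """Map each port-security interface to a list of findings (empty = clean)."""
    report = {}
    for block in re.split(r"^interface ", config, flags=re.M)[1:]:
        name, *body = block.splitlines()
        lines = [l.strip().lower() for l in body if l.strip()]
        if "switchport port-security" not in lines:
            continue  # step 3 absent: port security is not enabled here
        findings = []
        if "switchport mode access" not in lines:
            findings.append("not an access port")  # step 2 requirement
        text = "\n".join(lines)
        limits = re.findall(r"^switchport port-security maximum (\d+)$", text, re.M)
        maximum = int(limits[-1]) if limits else 1  # step 4: default is 1
        if not 1 <= maximum <= 3072:
            findings.append(f"maximum {maximum} outside 1-3072")
        static = re.findall(r"^switchport port-security mac-address " + MAC + "$", text, re.M)
        if len(static) > maximum:
            findings.append(f"{len(static)} static MACs exceed maximum {maximum}")
        elif len(static) < maximum <= 3072:  # step 7: the rest are learned dynamically
            findings.append(f"{maximum - len(static)} address(es) left to dynamic learning")
        report[name.strip()] = findings
    return report

if __name__ == "__main__":
    for port, findings in audit(SAMPLE).items():
        print(port, findings or "ok")
```

The "left to dynamic learning" finding is informational: it marks ports where the first stations seen on the wire, rather than addresses an administrator entered, will fill the remaining secure-address slots.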