2-501
Catalyst 2950 and Catalyst 2955 Switch Command Reference
0L-10102-01
Chapter 2 Catalyst 2950 and 2955 Cisco IOS Commands
switchport port-security
Defaults Port security is disabled.
When port security is enabled, if no keywords are entered, the default maximum number of secure MAC
addresses is 1.
Sticky learning is disabled.
The default violation mode is shutdown.
Command Modes Interface configuration
Command History
Usage Guidelines A secure port can have 1 to 132 associated secure addresses. The total number of available secure
addresses on the switch is 1024.
After you have set the maximum number of secure MAC addresses allowed on a port, you can add secure
addresses to the address table by manually configuring them, by allowing the port to dynamically
configure them, or by configuring some MAC addresses and allowing the rest to be dynamically
configured.
You can delete dynamic secure MAC addresses from the address table by entering the clear
port-security dynamic privileged EXEC command.
You can enable sticky learning on an interface by using the switchport port-security mac-address
sticky interface configuration command. When you enter this command, the interface converts all the
dynamic secure MAC addresses, including those that were dynamically learned before sticky learning
was enabled, to sticky secure MAC addresses. It adds all the sticky secure MAC addresses to the running
configuration.
restrict (Optional) Set the security violation restrict mode. When the number
of secure MAC addresses reaches the limit allowed on the port, packets
with unknown source addresses are dropped until you remove a
sufficient number of secure MAC addresses or increase the number of
maximum allowable addresses. In this mode, you are notified that a
security violation has occurred. Specifically, an SNMP trap is sent, a
syslog message is logged, and the violation counter increments.
shutdown (Optional) Set the security violation shutdown mode. In this mode, a
port security violation causes the interface to immediately become
error-disabled and turns off the port LED. It also sends an SNMP trap,
logs a syslog message, and increments the violation counter. When a
secure port is in the error-disabled state, you can bring it out of this
state by entering the errdisable recovery cause psecure-violation
global configuration command, or you can manually re-enable it by
entering the shutdown and no shut down interface configuration
commands.
Release Modification
12.1(6)EA2 This command was introduced. It replaced the port security and
mac-address-table secure commands.
12.1(11)EA1 The mac-address sticky [mac-address] option was added.
To Next Page
Loading...
Need help?
General
