Catalyst 2950 Desktop Switch Software Configuration Guide
78-11380-03
Chapter 10 Configuring the Switch Ports
Enabling Port Security
For the restrictions that apply to secure ports, see the “Avoiding Configuration Conflicts” section on
page 14-1.
Defining the Maximum Secure Address Count
A secure port can have from 1 to 132 associated secure addresses. Setting one address in the MAC
address table for the port ensures that the attached device has the full bandwidth of the port.
If the maximum number of secure addresses for the port is set from 1 to 132 and some of the secure
addresses have not been added by the user, the remaining addresses are dynamically learned and become
secure addresses.
Note: If the port link goes down, all the dynamically learned addresses are removed.
Enabling Port Security
Beginning in privileged EXEC mode, follow these steps to enable port security:
Step 1  Command: configure terminal
        Purpose: Enter global configuration mode.

Step 2  Command: interface interface
        Purpose: Enter interface configuration mode for the port you want to secure.

Step 3  Command: switchport port-security
        Purpose: Enable basic port security on the interface.

Step 4  Command: switchport port-security maximum max_addrs
        Purpose: Set the maximum number of MAC addresses that is allowed on this interface.

Step 5  Command: switchport port-security violation {shutdown | restrict | protect}
        Purpose: Set the security violation mode for the interface.
                 The default is shutdown.
                 For mode, select one of these keywords:
                 • shutdown—The interface is shut down immediately following
                   a security violation.
                 • restrict—A security violation sends a trap to the network
                   management station.
                 • protect—When the port secure addresses reach the allowed
                   limit on the port, all packets with unknown addresses are
                   dropped.

Step 6  Command: end
        Purpose: Return to privileged EXEC mode.

Step 7  Command: show port security [interface interface-id | address]
        Purpose: Verify the entry.
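
To check the result of this procedure across many ports, the following added example (not part of the Cisco guide) parses a saved configuration and reports, per interface, whether Steps 3 to 5 were applied. The interface names, the sample configuration text, and the function name audit_port_security are assumptions made for illustration.

```python
import re

MAX_RANGE = range(1, 133)   # guide: a secure port can have 1 to 132 secure addresses

# Constructed sample configuration excerpt (interface names are assumptions).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport port-security
 switchport port-security maximum 1
!
interface FastEthernet0/2
 switchport port-security
 switchport port-security maximum 200
 switchport port-security violation protect
!
interface FastEthernet0/3
 switchport port-security maximum 5
 switchport port-security violation restrict
!
interface FastEthernet0/4
 switchport mode access
!
"""

def audit_port_security(config):
    """Return {interface: {"enabled", "maximum", "violation", "findings"}}."""
    report, current = {}, None
    for raw in config.splitlines():
        m = re.fullmatch(r"interface (\S+)", raw)
        if m:
            # Violation mode defaults to shutdown (guide); the default maximum
            # is not stated on this page, so an unset maximum stays None.
            current = report[m.group(1)] = {"enabled": False, "maximum": None,
                                            "violation": "shutdown", "findings": []}
        elif not raw.startswith(" "):       # any other top-level line ends the stanza
            current = None
        elif current is not None:
            line = raw.strip()
            if line == "switchport port-security":
                current["enabled"] = True
            elif m := re.fullmatch(r"switchport port-security maximum (\d+)", line):
                current["maximum"] = int(m.group(1))
            elif m := re.fullmatch(r"switchport port-security violation (\S+)", line):
                current["violation"] = m.group(1)
    for entry in report.values():
        if not entry["enabled"]:
            entry["findings"].append("port security not enabled (Step 3 missing)")
        if entry["maximum"] is not None and entry["maximum"] not in MAX_RANGE:
            entry["findings"].append("maximum outside 1-132")
    return report
```

An interface with an empty findings list has port security enabled and a maximum within the documented range; the violation field shows which of the three modes will apply.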