a secure port is in the error-disabled state, you can bring it out of this state by entering the errdisable recovery
cause psecure-violation global configuration command, or you can manually re-enable it by entering the
shutdown and no shutdown interface configuration commands.
When the security violation mode is set to per-VLAN shutdown, only the VLAN on which the violation
occurred is error-disabled.
A secure port has the following limitations:
• A secure port can be an access port or a trunk port; it cannot be a dynamic access port.
• A secure port cannot be a routed port.
• A secure port cannot be a protected port.
• A secure port cannot be a destination port for Switched Port Analyzer (SPAN).
• A secure port cannot belong to a Gigabit or 10-Gigabit EtherChannel port group.
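The limitations above can be checked offline before a configuration is pushed to a switch. The following added example (not part of the Cisco reference) scans running-config-style text for interfaces that enable port security while also being a routed port, protected port, EtherChannel member, dynamic access port, or SPAN destination. The sample configuration is constructed, and the mapping of sub-commands to limitations, as well as the SPAN line naming the interface in the same form as its interface stanza, are assumptions of this example.

```python
import re
# Constructed sample config; the command-to-limitation mapping in RULES is this example's assumption.
SAMPLE_CONFIG = """\
monitor session 1 destination interface GigabitEthernet2/0/4
interface GigabitEthernet2/0/1
 switchport port-security violation shutdown vlan
interface GigabitEthernet2/0/2
 no switchport
 switchport port-security
interface GigabitEthernet2/0/3
 switchport protected
 channel-group 1 mode active
 switchport port-security
interface GigabitEthernet2/0/4
 switchport port-security
"""

RULES = [
    (re.compile(r"no switchport$"), "routed port"),
    (re.compile(r"switchport protected$"), "protected port"),
    (re.compile(r"channel-group \d+"), "EtherChannel member"),
    (re.compile(r"switchport access vlan dynamic$"), "dynamic access port"),
]
SPAN_DEST = re.compile(r"monitor session \d+ destination interface (\S+)")
PORT_SEC = re.compile(r"switchport port-security\b")

def audit(config):
    """Map each port-security interface to the limitations it violates."""
    ports, span_dests, current = {}, set(), None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = ports.setdefault(raw.split()[1], [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # left the interface stanza; global command
            if m := SPAN_DEST.match(raw):
                span_dests.add(m.group(1))
    findings = {}
    for name, cmds in ports.items():
        if any(PORT_SEC.match(c) for c in cmds):
            hits = [why for rx, why in RULES if any(rx.match(c) for c in cmds)]
            hits += ["SPAN destination"] if name in span_dests else []
            if hits:
                findings[name] = hits
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```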
A security violation occurs when the maximum number of secure MAC addresses is in the address
table and a station whose MAC address is not in the address table attempts to access the interface, or
when a station whose MAC address is configured as a secure MAC address on another secure port
attempts to access the interface.
When a secure port is in the error-disabled state, you can bring it out of this state by entering the
errdisable recovery cause psecure-violation global configuration command. You can manually re-enable
the port by entering the shutdown and no shutdown interface configuration commands or by using the
clear errdisable interface privileged EXEC command.
You can verify your settings by using the show port-security privileged EXEC command.
Examples
This example shows how to configure a port to shut down only the VLAN if a MAC security violation occurs:
Device(config)# interface gigabitethernet2/0/2
Device(config-if)# switchport port-security violation shutdown vlan
Command Reference, Cisco IOS XE Everest 16.5.1a (Catalyst 3650 Switches)
switchport port-security violation