2-1054
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.4.0SG and IOS 15.1(2)SG)
OL-27596 -01
Chapter 2 Cisco IOS Commands for the Catalyst 4500 Series Switches
switchport port-security
switchport port-security
To enable port security on an interface, use the switchport port-security command. To disable port
security and set parameters to their default states, use the no form of this command.
switchport port-security [aging {static | time time | type {absolute | inactivity}} |
limit rate invalid-source-mac [N | none] | mac-address mac-address [vlan {access | voice} |
mac-address sticky [mac-address] [vlan access | voice] | maximum value [vlan {access |
voice} | violation {restrict | shutdown | shutdown vlan}]
no switchport port-security [aging {static | time time | type {absolute | inactivity}} |
limit rate invalid-source-mac [N | none] | mac-address mac-address [vlan {access | voice} |
mac-address sticky
[mac-address] [vlan access | voice] | maximum value [vlan {access |
voice} | violation {restrict | shutdown | shutdown vlan}]
Syntax Description aging (Optional) Specifies aging for port security.
static (Optional) Enables aging for statically configured secure addresses on
this port.
time time (Optional) Specifies the aging time for this port. The valid values are
from 0 to 1440 minutes. If the time is 0, aging is disabled for this port.
type absolute (Optional) Sets the aging type as absolute aging. All the secure
addresses on this port age out exactly after the time (minutes) specified
and are removed from the secure address list.
type inactivity (Optional) Sets the aging type as inactivity aging. The secure addresses
on this port age out only if there is no data traffic from the secure source
address for the specified time period.
limit rate
invalid-source-mac
(Optional) Sets the rate limit for bad packets. This rate limit also applies
to the port where DHCP snooping security mode is enabled as filtering
the IP and MAC address.
N none (Optional) Supplies a rate limit (N) or indicates none (none).
mac-address mac-address (Optional) Specifies a secure MAC address for the interface; a 48-bit
MAC address. You can add additional secure MAC addresses up to the
maximum value that is configured.
sticky (Optional) Configures the dynamic addresses as sticky on the interface.
vlan access (Optional) Deletes the secure MAC addresses from access VLANs.
vlan voice (Optional) Deletes the secure MAC addresses from voice VLANs.
maximum value (Optional) Sets the maximum number of secure MAC addresses for the
interface. Valid values are from 1 to 3072. The default setting is 1.
violation (Optional) Sets the security violation mode and action to be taken if port
security is violated.
restrict (Optional) Sets the security violation restrict mode. In this mode, a port
security violation restricts data and causes the security violation counter
to increment.
To Next Page
Loading...
Need help?
General
