Name: Cisco Catalyst 4500 Series
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

55-9

Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex

Chapter 55 Configuring Port Security

Configuring Port Security on Access Ports

Step 7

Switch(config-if)# [no] switchport port-security

violation {restrict | shutdown | shutdown vlan}

(Optional) Sets the violation mode, the action to be taken

when a security violation is detected, as one of these:

• restrict—A port security violation restricts data and

causes the SecurityViolation counter to increment

and send an SNMP trap notification.

• shutdown—The interface is error-disabled when a

security violation occurs.

• shutdown vlan—Use to set the security violation

mode for each VLAN. In this mode, the VLAN is

error-disabled instead of the entire port when a

violation occurs.

Note When a secure port is in the error-disabled state,

you can bring it out of this state by entering the

errdisable recovery cause psecure-violation

global configuration command or you can

manually reenable it by entering the shutdown

and no shut down interface configuration

commands.

To return the violation mode to the default condition

(shutdown mode), use the

no switchport port-security violation shutdown

command.

Step 8

Switch(config-if)# switchport port-security limit

rate invalid-source-mac packets_per_sec

Sets the rate limit for bad packets.

Default is 10 pps.

Step 9

Switch(config-if)# [no] switchport port-security

mac-address mac_address

(Optional) Enters a secure MAC address for the interface.

You can use this command to configure a secure MAC

addresses. If you configure fewer secure MAC addresses

than the maximum, the remaining MAC addresses are

dynamically learned.

To delete a MAC address from the address table, use the

no switchport port-security mac-address mac_address

command.

Note This command only applies to access, PVLAN

host, and PVLAN promiscuous mode. For more

details on PVLAN, trunk, or regular trunk mode,

refer to the “Configuring Port Security on Trunk

Ports” section on page 55-17.

Step 10

Switch(config-if)# [no] switchport port-security

mac-address sticky

(Optional) Enables sticky learning on the interface.

To disable sticky learning on an interface, use the

no switchport port-security mac-address sticky

command. The interface converts the sticky secure MAC

addresses to dynamic secure addresses.

Command Purpose

Other manuals for Cisco Catalyst 4500 Series

Manual19 pages

Command Reference Guide1230 pages

System Message Guide150 pages

Configuration Guide1610 pages

Administration Guide1814 pages

Message Guide146 pages

Installation Guide194 pages

Datasheet11 pages

Overview46 pages

Quick Reference Guide59 pages

Questions and Answers:

Need help?

Do you have a question about the Cisco Catalyst 4500 Series and is the answer not in the manual?

Cisco Catalyst 4500 Series Specifications

General

Series	Catalyst 4500 Series
Category	Switch
Layer Support	Layer 2, Layer 3
Form Factor	Modular chassis
Stackable	No
Chassis Slots	3, 6, 7, 10
Power Supply Options	AC, DC
Redundancy	Power supply, Supervisor engine
Network Management	Cisco IOS Software CLI, SNMP, Cisco Prime Infrastructure
Features	Security, QoS
Port Density	Up to 384 ports per chassis
Security Features	802.1X, ACLs, DHCP Snooping, Dynamic ARP Inspection, IP Source Guard
Supervisor Engine	8-E