Cisco Catalyst 4500 Series - Guidelines and Restrictions

Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 56 Configuring Auto Security
Guidelines and Restrictions
Auto Security CLIs applied on Trunk Port:
-----------------------------------------
ip dhcp snooping trust
ip arp inspection trust
switchport port-security
switchport port-security maximum 100
switchport port-security violation restrict
Sample Output when Auto Security is Enabled
This example shows the output of the show auto security command when AS is enabled:
Switch# show auto security
Auto Security is Enabled globally
AutoSecure is Enabled on below interface(s):
--------------------------------------------
GigabitEthernet1/0/2
GigabitEthernet1/0/3
GigabitEthernet1/0/14
Sample Output when Auto Security is Disabled
This example shows the output of the show auto security command when AS is disabled:
Switch# show auto security
Auto Security is Disabled globally
AutoSecure is Enabled on below interface(s):
--------------------------------------------
none
Switch#
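The two sample outputs above can be checked automatically against a list of ports that are supposed to be protected. The following is an added example, not part of the Cisco guide: it parses the show auto security output format shown above, including the "none" case, and reports drift. The expected-port inventory and the function names are hypothetical, and the sample text is constructed from the outputs on this page.

```python
import re

# Constructed samples in the format of the two outputs shown above.
ENABLED = """Switch# show auto security
Auto Security is Enabled globally
AutoSecure is Enabled on below interface(s):
--------------------------------------------
GigabitEthernet1/0/2
GigabitEthernet1/0/3
GigabitEthernet1/0/14
"""
DISABLED = """Switch# show auto security
Auto Security is Disabled globally
AutoSecure is Enabled on below interface(s):
--------------------------------------------
none
Switch#
"""

def parse_show_auto_security(text):
    """Return (globally_enabled, set_of_interfaces) from the command output."""
    m = re.search(r"^Auto Security is (Enabled|Disabled) globally", text, re.M)
    if not m:
        raise ValueError("global Auto Security status line not found")
    ports, in_list = set(), False
    for line in text.splitlines():
        line = line.strip()
        if set(line) == {"-"}:        # the dashed rule opens the interface list
            in_list = True
        elif in_list and line and line.lower() != "none" and "#" not in line:
            ports.add(line)           # skips "none" and a trailing CLI prompt
    return m.group(1) == "Enabled", ports

def audit(text, expected_ports):
    """Compare the switch's state with the ports expected to be protected."""
    enabled, ports = parse_show_auto_security(text)
    return {
        "global_enabled": enabled,
        "missing": sorted(set(expected_ports) - ports),     # expected, not protected
        "unexpected": sorted(ports - set(expected_ports)),  # protected, not in inventory
    }

if __name__ == "__main__":
    # Hypothetical inventory of access ports that should have Auto Security.
    expected = ["GigabitEthernet1/0/2", "GigabitEthernet1/0/3", "GigabitEthernet1/0/4"]
    print(audit(ENABLED, expected))
    print(audit(DISABLED, expected))
```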
Guidelines and Restrictions
The auto security command has no parameters.
Baseline security CLIs (like port security) are not individually nvgen'd (written out as separate lines
in the generated configuration) on interfaces that have auto security-port configured. This allows you
to maintain consistency over reboots.
After auto security-port is enabled on a port, you cannot change the CLIs of the baseline security
features (Port Security, DAI, and DHCP Snooping).
For example, if you enter the following:
interface GigabitEthernet2/0/24
switchport mode access
auto security-port host
The port security configuration is rejected on the auto security port:
Switch(config)# int g2/0/24
Switch(config-if)# switchport port-security maximum 4
%Command Rejected: 'auto security' enabled port
Because you might need a different set of features on uplink ports, such as marking the port as a
DHCP trusted port, you need to identify uplink and downlink ports and apply port mode specific
configuration.