50-6
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
OL-30933-01
Chapter 50 Configuring Auto Security
Guidelines and Restrictions
ip dhcp snooping vlan 2-1005
no ip dhcp snooping information option
ip arp inspection vlan 2-1005
ip arp inspection validate src-mac dst-mac ip
Auto Security CLIs applied on Access Port:
------------------------------------------
switchport port-security
switchport port-security maximum 2
switchport port-security maximum vlan access 1
switchport port-security maximum vlan voice 1
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
ip arp inspection limit rate 100
ip dhcp snooping limit rate 100
Auto Security CLIs applied on Trunk Port:
-----------------------------------------
ip dhcp snooping trust
ip arp inspection trust
switchport port-security
switchport port-security maximum 100
switchport port-security violation restrict
Sample Output when Auto Security is Enabled
This example shows the output of the show auto security command when AS is enabled:
Switch# show auto security
Auto Security is Enabled globally
AutoSecure is Enabled on below interface(s):
--------------------------------------------
GigabitEthernet1/0/2
GigabitEthernet1/0/3
GigabitEthernet1/0/14
Sample Output when Auto Security is Disabled
This example shows the output of the show auto security command when AS is disabled:
Switch# show auto security
Auto Security is Disabled globally
AutoSecure is Enabled on below interface(s):
--------------------------------------------
none
Switch#
Guidelines and Restrictions
• The auto security command has no parameters.
• Base line security CLIs (like port security) are not individually nvgen’d on interfaces that have auto
security-port configured. This allows you to maintain consistency over reboots.
• After auto security-port is enabled on a port, you cannot change the CLIs of the baseline security
features (Port Security, DAI, and DHCP Snooping).
To Next Page
Loading...
