38-4
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
OL-8978-04
Chapter 38 Configuring Port Security
Port Security Configuration Guidelines
For information on configuring MAC-address monitoring, see the “Configuring MAC-Address
Monitoring” section on page 38-14.
Port Security Configuration Guidelines
This section describes the guidelines for configuring port security:
• Do not enable port security on a SPAN destination port and vice versa.
• Do not configure dynamic, static, or permanent CAM entries on a secure port.
Configuring Port Security on the Switch
These sections describe how to configure port security:
• Enabling Port Security, page 38-4
• Setting the Maximum Number of Secure MAC Addresses, page 38-5
• Automatically Configuring Dynamically Learned MAC Addresses, page 38-6
• Setting the Port Security Age Time, page 38-7
• Setting the Port Security Aging Type, page 38-8
• Clearing the MAC Addresses, page 38-8
• Configuring Unicast Flood Blocking on the Secure Ports, page 38-9
• Specifying the Security Violation Action, page 38-10
• Setting the Shutdown Timeout, page 38-11
• Disabling Port Security, page 38-11
• Restricting the Traffic Based on a Host MAC Address, page 38-12
• Displaying Port Security, page 38-12
Enabling Port Security
When you enable port security on a port, any static or dynamic CAM entries that are associated with the
port are cleared; any currently configured permanent CAM entries are treated as secure.
To enable port security, perform this task in privileged mode:
Task Command
Step 1
Enable port security on the desired ports. You can
also specify the secure MAC address. To enable
port security on a trunk port, specify the VLANs
on which a secure MAC address is allowed.
set port security mod/port enable [mac_addr]
[vlan_list]
Step 2
Add the MAC addresses to the list of secure
addresses.
set port security mod/port mac_addr [vlan_list]
Step 3
Verify the configuration. show port [mod[/port]] [mac_addr][vlan_list]
To Next Page
Loading...
