CHAPTER 25 | General Security Measures
Port Security
COMMAND MODE
Interface Configuration (Ethernet)
COMMAND USAGE
◆ When port security is enabled with this command, the switch first clears
all dynamically learned entries from the address table. It then starts
learning new MAC addresses on the specified port, and stops learning
addresses when it reaches a configured maximum number. Only
incoming traffic with source addresses already stored in the dynamic or
static address table will be accepted.
◆ First use the port security max-mac-count command to set the
number of addresses, and then use the port security command to
enable security on the port. (The specified maximum address count is
effective when port security is enabled or disabled.)
◆ Use the no port security max-mac-count command to disable port
security and reset the maximum number of addresses to the default.
◆ You can also manually add secure addresses with the
mac-address-table static command.
◆ A secure port has the following restrictions:
■ Cannot be connected to a network interconnection device.
■ Cannot be a trunk port.
◆ If a port is disabled due to a security violation, it must be manually
re-enabled using the no shutdown command.
EXAMPLE
The following example enables port security for port 5, and sets the
response to a security violation to issue a trap message:
Console(config)#interface ethernet 1/5
Console(config-if)#port security action trap
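The following added example is not part of the original manual or the switch software. It is a simplified Python model of the learning and filtering behaviour described under COMMAND USAGE. The class, its methods, the "shutdown" action value, and the rule that only dynamic entries count toward the maximum are assumptions of the model.

```python
# Simplified model of the port security behaviour described above.
# SecurePort and its methods are hypothetical names, not a switch API.

class SecurePort:
    def __init__(self, max_mac_count, action="trap"):
        self.max_mac_count = max_mac_count  # models "port security max-mac-count"
        self.action = action    # "trap", or "shutdown" (model value: disable port)
        self.static = set()     # models "mac-address-table static" entries
        self.dynamic = set()    # dynamically learned source addresses
        self.secured = False
        self.up = True
        self.violations = []    # source MACs that triggered a violation

    def add_static(self, mac):
        self.static.add(mac.lower())

    def enable_security(self):
        # Enabling first clears every dynamically learned entry.
        self.dynamic.clear()
        self.secured = True

    def no_shutdown(self):
        # A port disabled by a violation stays down until manually re-enabled.
        self.up = True

    def receive(self, src_mac):
        """Return True if a frame with this source MAC is accepted."""
        mac = src_mac.lower()
        if not self.up:
            return False
        if mac in self.static or mac in self.dynamic:
            return True
        # Assumption: only dynamic entries count toward the maximum.
        if not self.secured or len(self.dynamic) < self.max_mac_count:
            self.dynamic.add(mac)
            return True
        self.violations.append(mac)     # unknown source and the table is full
        if self.action == "shutdown":
            self.up = False
        return False


def demo():
    # Constructed sample traffic; the MAC addresses are made up.
    port = SecurePort(max_mac_count=2)
    port.receive("00-00-00-00-00-99")   # learned before security is enabled
    port.enable_security()              # ...and flushed here
    frames = ["00-00-00-00-00-01", "00-00-00-00-00-02",
              "00-00-00-00-00-99", "00-00-00-00-00-01"]
    return [port.receive(f) for f in frames], port.violations
```

In the model, the address seen before security was enabled is rejected afterwards because the dynamic table was cleared, while the first two addresses seen after enabling are the ones the port keeps accepting.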
RELATED COMMANDS
show interfaces status (731)
shutdown (725)
mac-address-table static (778)