Cisco Catalyst 2950 Software Configuration Manual page 430


Configuring Port Security
Step 6
Command: switchport port-security violation {protect | restrict | shutdown}
Purpose: (Optional) Set the violation mode, the action to be taken when a security violation is detected, as one of these:

  protect—When the number of secure MAC addresses reaches the limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses or increase the number of maximum allowable addresses. You are not notified that a security violation has occurred.

  restrict—When the number of secure MAC addresses reaches the limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses or increase the number of maximum allowable addresses. In this mode, you are notified that a security violation has occurred. Specifically, an SNMP trap is sent, a syslog message is logged, and the violation counter increments.

  shutdown—In this mode, a port security violation causes the interface to immediately become error-disabled, and turns off the port LED. It also sends an SNMP trap, logs a syslog message, and increments the violation counter.

  Note: When a secure port is in the error-disabled state, you can bring it out of this state by entering the errdisable recovery cause psecure-violation global configuration command, or you can manually re-enable it by entering the shutdown and no shutdown interface configuration commands.

Step 7
Command: switchport port-security mac-address mac-address
Purpose: (Optional) Enter a static secure MAC address for the interface, repeating the command as many times as necessary. You can use this command to enter the maximum number of secure MAC addresses. If you configure fewer secure MAC addresses than the maximum, the remaining MAC addresses are dynamically learned.

  Note: If you enable sticky learning after you enter this command, the secure addresses that were dynamically learned are converted to sticky secure MAC addresses and are added to the running configuration.

Step 8
Command: switchport port-security mac-address sticky
Purpose: (Optional) Enable sticky learning on the interface.

Step 9
Command: end
Purpose: Return to privileged EXEC mode.

Step 10
Command: show port-security
Purpose: Verify your entries.

Step 11
Command: copy running-config startup-config
Purpose: (Optional) Save your entries in the configuration file.

To return the interface to the default condition as not a secure port, use the no switchport port-security interface configuration command. If you enter this command when sticky learning is enabled, the sticky secure addresses remain part of the running configuration but are removed from the address table. All addresses are now dynamically learned.

To return the interface to the default number of secure MAC addresses, use the no switchport port-security maximum value interface configuration command.

To return the violation mode to the default condition (shutdown mode), use the no switchport port-security violation {protect | restrict} interface configuration command.

Chapter 21: Configuring Port-Based Traffic Control
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide, 78-11380-12, page 21-10
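
An added example, not part of the Cisco guide: a Python audit that reads a running-config excerpt and reports the port-security settings described in Steps 6 to 8 for each interface, flagging ports where port security is not enabled or where protect mode drops violating traffic without notification. The sample configuration is constructed, the function names are hypothetical, and the parser assumes the indented interface stanzas of an IOS running configuration.

```python
# Constructed running-config excerpt; interface names and MACs are made up.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport port-security
 switchport port-security violation protect
 switchport port-security mac-address 0000.0c11.aaaa
!
interface FastEthernet0/2
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0000.0c22.bbbb
!
interface FastEthernet0/3
 switchport mode access
"""
PREFIX = "switchport port-security"

def parse_port_security(config):
    """Collect per-interface settings; shutdown is the default violation mode."""
    ports, port = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            port = ports.setdefault(line.split()[1], {
                "enabled": False, "violation": "shutdown",
                "sticky": False, "static": [], "sticky_addrs": []})
        elif not line.startswith(" "):
            port = None  # "!" or a global command ends the stanza
        elif port is not None and line.strip().startswith(PREFIX):
            args = line.strip()[len(PREFIX):].split()
            if not args:
                port["enabled"] = True
            elif args[0] == "violation" and len(args) == 2:
                port["violation"] = args[1]
            elif args[:2] == ["mac-address", "sticky"]:
                port["sticky"] = True
                port["sticky_addrs"] += args[2:]  # sticky addresses saved in the config
            elif args[0] == "mac-address" and len(args) == 2:
                port["static"].append(args[1])
    return ports

def findings(ports):
    """Flag ports that are unprotected or that drop violations without notice."""
    out = []
    for name, p in ports.items():
        if not p["enabled"]:
            out.append((name, "port security not enabled"))
        elif p["violation"] == "protect":
            out.append((name, "protect mode: violations are not reported"))
    return out
```

Calling findings(parse_port_security(SAMPLE_CONFIG)) lists FastEthernet0/1 and FastEthernet0/3; FastEthernet0/2 passes because it keeps the default shutdown mode, which sends an SNMP trap and a syslog message on a violation.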

This manual is also suitable for:

Catalyst 2955
