Cisco 4500M Software Manual page 455
Software guide
Hide thumbs
Also See for 4500M:
- Command reference manual (578 pages) ,
- Hardware installation and maintenance manual (143 pages) ,
- Upgrade manual (24 pages)
Table of Contents
Advertisement
Chapter 32
Configuring Port Security
To return the interface to the default condition as not a secure port, use the no switchport
•
port-security interface configuration command.
To return the interface to the default number of secure MAC addresses, use the no switchport
•
port-security maximum value.
To delete a MAC address from the address table, use the no switchport port-security mac-address
•
mac_address command.
To return the violation mode to the default condition (shutdown mode), use the no switchport
•
port-security violation {restrict | shutdown} command.
To disable sticky learning on an interface, use the no switchport port-security mac-address sticky
•
command. The interface converts the sticky secure MAC addresses to dynamic secure addresses.
To delete a sticky secure MAC addresses from the address table, use the no switchport
•
port-security sticky mac-address mac_address command. To delete all the sticky addresses on an
interface or a VLAN, use the no switchport port-security sticky interface interface-id command.
To clear dynamically learned port security MAC in the CAM table, use the clear port-security
•
dynamic command. The address keyword enables you to clear a secure MAC addresses. The
interface keyword enables you to clear all secure addresses on an interface.
This example shows how to enable port security on Fast Ethernet port 12 and how to set the maximum
number of secure addresses to 5. The violation mode is the default, and no secure MAC addresses are
configured.
Switch# configure terminal
Enter configuration commands, one per line.
Switch(config)# interface fastethernet 3/12
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 5
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# end
Switch# show port-security interface fastethernet 3/12
Port Security
Port Status
Violation Mode
Aging Time
Aging Type
SecureStatic Address Aging :Enabled
Maximum MAC Addresses
Total MAC Addresses
Configured MAC Addresses
Sticky MAC Addresses
Last Source Address
Security Violation Count
This example shows how to configure a secure MAC address on Fast Ethernet port 5/1 and verify the
configuration:
Switch# configure terminal
Enter configuration commands, one per line.
Switch(config)# interface fastethernet 5/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 10
Switch(config-if)# switchport port-security mac-address 0000.0000.0003 (Static secure MAC)
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)#
switchport port-security mac-address sticky 0000.0000.0001 (Sticky static MAC)
Switch(config-if)# switchport port-security mac-address sticky 0000.0000.0002
Switch(config-if)# end
OL-6696-01
End with CNTL/Z.
:Enabled
:Secure-up
:Shutdown
:0
:Absolute
:5
:0
:0
:11
:0000.0000.0401
:0
End with CNTL/Z.
Software Configuration Guide—Release 12.2(25)EW
Configuring Port Security
32-5
Advertisement
Table of Contents
