Default Port Security Configuration; Port Security Configuration Guidelines - Cisco 2950 - Catalyst Switch Configuration Manual

Chapter 22 Configuring Port-Based Traffic Control

Default Port Security Configuration

Table 22-2
Table 22-2 Default Port Security Configuration
Feature
Port security
Maximum number of secure MAC addresses
Violation mode
Sticky address learning
Port security aging

Port Security Configuration Guidelines

Follow these guidelines when configuring port security:
•
•
•
•
•
•
•
•
•
•
•
78-11380-10
shows the default port security configuration for an interface.
Port security can only be configured on static access ports.
A secure port cannot be a dynamic access port or a trunk port.
A secure port cannot be a destination port for Switched Port Analyzer (SPAN).
A secure port cannot belong to a Fast EtherChannel or Gigabit EtherChannel port group.
You cannot configure static secure or sticky secure MAC addresses on a voice VLAN.
When you enable port security on an interface that is also configured with a voice VLAN, you must
set the maximum allowed secure addresses on the port to at least two.
If any type of port security is enabled on the access VLAN, dynamic port security is automatically
enabled on the voice VLAN.
When a voice VLAN is configured on a secure port that is also configured as a sticky secure port,
all addresses seen on the voice VLAN are learned as dynamic secure addresses, and all addresses
seen on the access VLAN (to which the port belongs) are learned as sticky secure addresses.
You cannot configure port security on a per-VLAN basis.
The switch does not support port security aging of sticky secure MAC addresses.
The protect and restrict options cannot be simultaneously enabled on an interface.
Default Setting
Disabled.
One.
Shutdown.
Disabled.
Disabled. Aging time is 0. When enabled, the default
type is absolute.
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
Configuring Port Security
22-9