Enabling And Configuring Port Security - Cisco 2950 - Catalyst Switch Configuration Manual
Software configuration guide
Hide thumbs
Also See for 2950 - Catalyst Switch:
- Command reference manual (686 pages) ,
- Software configuration manual (674 pages) ,
- Software manual (376 pages)
Table of Contents
Advertisement
Configuring Port Security
Enabling and Configuring Port Security
Beginning in privileged EXEC mode, follow these steps to restrict input to an interface by limiting and
identifying MAC addresses of the stations allowed to access the port:
Command
Step 1
configure terminal
Step 2
interface interface-id
Step 3
switchport mode access
Step 4
switchport port-security
Step 5
switchport port-security maximum
value
Step 6
switchport port-security violation
{protect | restrict | shutdown}
Step 7
switchport port-security mac-address
mac-address
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
22-10
Purpose
Enter global configuration mode.
Specify the interface to configure and enter interface configuration
mode.
Set the interface mode as access; an interface in the default mode
(dynamic desirable) cannot be configured as a secure port.
Enable port security on the interface.
(Optional) Set the maximum number of secure MAC addresses for the
interface. The range is 1 to 132; the default is 1.
(Optional) Set the violation mode, the action to be taken when a security
violation is detected, as one of these:
protect—When the number of secure MAC addresses reaches the
•
limit allowed on the port, packets with unknown source addresses
are dropped until you remove a sufficient number of secure MAC
addresses or increase the number of maximum allowable addresses.
You are not notified that a security violation has occurred.
•
restrict—When the number of secure MAC addresses reaches the
limit allowed on the port, packets with unknown source addresses
are dropped until you remove a sufficient number of secure MAC
addresses or increase the number of maximum allowable addresses.
In this mode, you are notified that a security violation has occurred.
Specifically, an SNMP trap is sent, a syslog message is logged, and
the violation counter increments.
shutdown—In this mode, a port security violation causes the
•
interface to immediately become error-disabled, and turns off the
port LED. It also sends an SNMP trap, logs a syslog message, and
increments the violation counter.
Note
When a secure port is in the error-disabled state, you can bring
it out of this state by entering the errdisable recovery cause
psecure-violation global configuration command, or you can
manually re-enable it by entering the shutdown and no
shutdown interface configuration commands.
(Optional) Enter a static secure MAC address for the interface, repeating
the command as many times as necessary. You can use this command to
enter the maximum number of secure MAC addresses. If you configure
fewer secure MAC addresses than the maximum, the remaining MAC
addresses are dynamically learned.
Note
If you enable sticky learning after you enter this command, the
secure addresses that were dynamically learned are converted to
sticky secure MAC addresses and are added to the running
configuration.
Chapter 22
Configuring Port-Based Traffic Control
78-11380-10
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
