Switchport Port-Security - Cisco Catalyst 2950 Command Reference Manual
Desktop switch
Hide thumbs
Also See for Catalyst 2950:
- Configuration manual (710 pages) ,
- Command reference manual (686 pages) ,
- Software configuration manual (674 pages)
Table of Contents
Advertisement
switchport port-security
switchport port-security
Use the switchport port-security interface configuration command without keywords to enable port
security on an interface. Use the keywords to configure secure MAC addresses, a maximum number of
secure MAC addresses, or the violation mode. Use the no form of this command to disable port security
or to set the parameters to their default states.
Syntax Description
mac-address mac-address
mac-address sticky
[mac-address]
maximum value
violation
protect
restrict
shutdown
Defaults
Port security is disabled.
When port security is enabled, if no keywords are entered, the default maximum number of secure MAC
addresses is 1.
Catalyst 2950 Desktop Switch Command Reference
2-296
switchport port-security [mac-address mac-address] | [mac-address sticky [mac-address]] |
[maximum value] | [violation {protect | restrict | shutdown}]
no switchport port-security [mac-address mac-address] | [mac-address sticky [mac-address]] |
[maximum value] | [violation {protect | restrict | shutdown}]
(Optional) Specify a secure MAC address for the port by entering a
48-bit MAC address. You can add additional secure MAC addresses
up to the maximum value configured.
(Optional) Enable the interface for sticky learning by entering only the
mac-address sticky keywords. When sticky learning is enabled, the
interface adds all secure MAC addresses that are dynamically learned
to the running configuration and converts these addresses to sticky
secure MAC addresses.
Specify a sticky secure MAC address by entering the mac-address
sticky mac-address keywords.
(Optional) Set the maximum number of secure MAC addresses for the
interface. The range is from 1 to 132. The default is 1.
(Optional) Set the security violation mode or the action to be taken if
port security is violated. The default is shutdown.
Set the security violation protect mode. When port secure MAC
addresses reach the limit allowed on the port, packets with unknown
source addresses are dropped until you remove a sufficient number of
secure MAC addresses to drop below the maximum value.
Set the security restrict mode. In this mode, a port security violation
causes a trap notification to be sent to the network management
station.
Set the security violation shutdown mode. In this mode, a port security
violation causes the interface to immediately become error-disabled,
and an SNMP trap notification is sent. When a secure port is in the
error-disabled state, you can bring it out of this state by entering the
errdisable recovery cause psecure-violation global configuration
command, or you can manually re-enable it by entering the shutdown
and no shut down interface configuration commands.
Chapter 2 Cisco IOS Commands
78-11381-05
Hide quick links:
Advertisement
Table of Contents
