Catalyst 2950 and Catalyst 2955 Switch Command Reference
78-15304-01
Chapter 2 Cisco IOS Commands
switchport port-security
When a secure port is in the error-disabled state, you can bring it out of this state by entering the
errdisable recovery cause psecure-violation global configuration command, or you can manually
re-enable it by entering the shutdown and no shutdown interface configuration commands.
A secure port has these limitations:
• Port security can only be configured on static access ports.
• A secure port cannot be a dynamic port, a dynamic access port or a trunk port.
• A secure port cannot be a destination port for Switched Port Analyzer (SPAN).
• A secure port cannot belong to a Fast EtherChannel or Gigabit EtherChannel port group.
• You cannot configure static secure MAC addresses in the voice VLAN.
• When you enable port security on a voice VLAN port, you must set the maximum allowed secure
addresses on the port to at least two. When the port is connected to a Cisco IP phone, the IP phone
requires two MAC addresses: one for the access VLAN and the other for the voice VLAN.
Connecting a PC to the IP phone requires additional MAC addresses.
• To enable port security on an 802.1X port, you must first enable the 802.1X multiple-hosts mode on
the port (for switches running the EI software).
• The switch does not support port security aging of sticky secure MAC addresses.
Examples
This example shows how to enable port security:
Switch(config-if)# switchport port-security
This example shows how to set the action that the port takes when an address violation occurs:
Switch(config-if)# switchport port-security violation shutdown
This example shows how to set the maximum number of addresses that a port can learn to 20:
Switch(config-if)# switchport port-security maximum 20
This example shows how to enable sticky learning and to enter two sticky secure MAC addresses:
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# switchport port-security mac-address sticky 0000.0000.4141
Switch(config-if)# switchport port-security mac-address sticky 0000.0000.000f
You can verify your settings by entering the show port-security privileged EXEC command.
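The limitations listed above can also be checked offline against a saved configuration. The following is an added example, not part of the Cisco command reference: it scans interface stanzas and flags ports that enable port security while breaking the static-access, EtherChannel, or voice VLAN rules. The function name and the sample configuration are constructed; it assumes that a static access port carries switchport mode access and that the maximum is 1 when no maximum line is present.

```python
import re

# Constructed sample configuration (not taken from the command reference).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport voice vlan 10
 switchport port-security
 switchport port-security maximum 20
!
interface FastEthernet0/2
 switchport mode trunk
 switchport port-security
!
interface FastEthernet0/3
 switchport mode access
 switchport voice vlan 10
 switchport port-security
!
interface FastEthernet0/4
 switchport mode access
 channel-group 1 mode on
 switchport port-security
"""

def audit_port_security(config):
    """Return {interface: [findings]} for ports that enable port security."""
    findings = {}
    # Each stanza is an 'interface' line followed by its indented commands.
    for name, body in re.findall(r"^interface (\S+)\n((?:[ \t]+.*\n?)*)", config, flags=re.M):
        cmds = [line.strip() for line in body.splitlines()]
        if "switchport port-security" not in cmds:
            continue
        issues = []
        # Assumption: a static access port is marked by 'switchport mode access'.
        if "switchport mode access" not in cmds or "switchport access vlan dynamic" in cmds:
            issues.append("not a static access port")
        if any(c.startswith("channel-group ") for c in cmds):
            issues.append("member of an EtherChannel port group")
        # Assumption: the maximum is 1 when no 'maximum' line is configured.
        maximum = next((int(c.split()[-1]) for c in cmds
                        if re.fullmatch(r"switchport port-security maximum \d+", c)), 1)
        if any(c.startswith("switchport voice vlan ") for c in cmds) and maximum < 2:
            issues.append("voice VLAN port with maximum below 2")
        if issues:
            findings[name] = issues
    return findings
```

Calling audit_port_security(SAMPLE_CONFIG) reports FastEthernet0/2, 0/3 and 0/4 and leaves the correctly configured FastEthernet0/1 out of the result.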
Related Commands

Command                       Description
clear port-security dynamic   Deletes from the MAC address table a specific dynamic secure address or all the dynamic secure addresses on an interface.
clear port-security sticky    Deletes from the MAC address table a specific sticky secure address, all the sticky secure addresses on an interface, or all the sticky secure addresses on a switch.
show port-security            Displays the port security settings defined for the port.