19-4
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-07
Chapter 19 Configuring Port-Based Traffic Control
Configuring Port Security
To disable the protected port setting on an interface, use the no switchport protected interface configuration command.
This example shows how to configure Gigabit Ethernet interface 0/1 as a protected port and verify the
configuration:
Switch# configure terminal
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# switchport protected
Switch(config-if)# end
Switch# show interfaces gigabitethernet0/1 switchport
Name: Gi0/1
Switchport: Enabled
<output truncated>
Protected: True
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Configuring Port Security
You can use the port security feature to restrict input to an interface by limiting and identifying MAC
addresses of the stations allowed to access the port. When you assign secure MAC addresses to a secure
port, the port does not forward packets with source addresses outside the group of defined addresses.
This section includes information about these topics:
Understanding Port Security, page 19-4
Default Port Security Configuration, page 19-6
Port Security Configuration Guidelines, page 19-6
Enabling and Configuring Port Security, page 19-7
Enabling and Configuring Port Security Aging, page 19-9
Understanding Port Security
This section includes information about:
Secure MAC Addresses, page 19-4
Security Violations, page 19-5
Secure MAC Addresses
A secure port can have from 1 to 132 associated secure addresses. The total number of available secure
addresses on the switch is 1024.
You can configure these types of secure MAC addresses:
Static secure MAC addresses: These are manually configured by using the switchport
port-security mac-address mac-address interface configuration command, stored in the address
table, and added to the switch running configuration.
Dynamic secure MAC addresses: These are dynamically learned, stored only in the address table,
and removed when the switch restarts.
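
An added example, not part of the Cisco guide: a Python check that reads a saved running configuration, counts the static secure MAC addresses on each interface, and compares the counts with the limits stated above (132 per port, 1024 per switch). The sample configuration is constructed, and the bare switchport port-security line that enables the feature is the standard IOS command, which this excerpt does not show.

```python
import re
from collections import defaultdict

MAX_PER_PORT = 132     # per-port limit stated in this section
MAX_PER_SWITCH = 1024  # switch-wide limit stated in this section
MAC_RE = re.compile(r"^[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}$", re.I)
# Constructed running-config fragment (not taken from the guide).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport port-security
 switchport port-security mac-address 0000.0c12.3456
 switchport port-security mac-address 0000.0c12.3457
!
interface FastEthernet0/2
 switchport port-security mac-address 0000.0cab.cdef
!
interface FastEthernet0/3
 switchport port-security
 switchport port-security mac-address 00:00:0c:12:34:56
!
"""

def audit_port_security(config_text):
    """Return (static_macs_by_interface, findings) for a running-config."""
    macs, enabled, findings = defaultdict(list), set(), []
    iface = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            iface = line.split(None, 1)[1]
        elif not raw.startswith(" "):
            iface = None  # any unindented line ends the interface block
        elif iface and line == "switchport port-security":
            enabled.add(iface)  # assumption: this bare line enables the feature
        elif iface and line.startswith("switchport port-security mac-address "):
            mac = line.split()[-1]
            if MAC_RE.match(mac):
                macs[iface].append(mac.lower())
            else:
                findings.append(f"{iface}: malformed MAC {mac}")
    for name, addrs in macs.items():
        if len(addrs) > MAX_PER_PORT:
            findings.append(f"{name}: {len(addrs)} static addresses exceeds {MAX_PER_PORT}")
        if name not in enabled:
            findings.append(f"{name}: static addresses set but port security not enabled")
    total = sum(len(a) for a in macs.values())
    if total > MAX_PER_SWITCH:
        findings.append(f"switch: {total} static addresses exceeds {MAX_PER_SWITCH}")
    return dict(macs), findings
```

Only static secure addresses can be audited this way, because dynamic secure addresses exist only in the address table and never appear in the configuration.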