Specifications

19-13

Catalyst 2970 Switch Software Configuration Guide

78-15462-03

Chapter 19 Configuring Port-Based Traffic Control

Configuring Port Security

This example shows how to enable port security on Gigabit Ethernet port 0/1 and to set the maximum

number of secure addresses to 50. The violation mode is the default, no static secure MAC addresses are

configured, and sticky learning is enabled.

Switch(config)# interface gigabitethernet0/1

Switch(config-if)# switchport mode access

Switch(config-if)# switchport port-security

Switch(config-if)# switchport port-security maximum 50

Switch(config-if)# switchport port-security mac-address sticky

This example shows how to configure a static secure MAC address on VLAN 3 on Gigabit Ethernet port

0/2:

Switch(config)# interface gigabitethernet0/2

Switch(config-if)# switchport mode trunk

Switch(config-if)# switchport port-security

Switch(config-if)# switchport port-security mac-address 0000.02000.0004 vlan 3

Enabling and Configuring Port Security Aging

You can use port security aging to set the aging time for all secure addresses on a port. Two types of

aging are supported per port:

• Absolute—The secure addresses on the port are deleted after the specified aging time.

• Inactivity—The secure addresses on the port are deleted only if the secure addresses are inactive for

the specified aging time.

Use this feature to remove and add devices on a secure port without manually deleting the existing secure

MAC addresses and to still limit the number of secure addresses on a port. You can enable or disable the

aging of secure addresses on a per-port basis.

Beginning in privileged EXEC mode, follow these steps to configure port security aging:

Command Purpose

Step 1

configure terminal Enter global configuration mode.

Step 2

interface interface-id Enter interface configuration mode for the port on which you

want to enable port security aging.