Specifications

ManualsBrandsCisco ManualsDocking StationAccess Registrar 3.5

911

912

913

914

915

916

917

918

919

920

2-862

Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)

OL_28738 -01

Chapter 2 Cisco IOS Commands for the Catalyst 4500 Series Switches

switchport port-security

To allow limited time access to particular secure addresses, set the aging type as absolute. When the

aging time lapses, the secure addresses are deleted.

To allow continuous access to a limited number of secure addresses, set the aging type as inactivity. This

action removes the secure address when it bec omes inactive, and other addre sses can become secure.

To allow unlimited access to a secure address, configure it as a secure address, and disable aging for the

statically config ured se cure addr ess by u sing the no switchport port-security aging static interface

configuration comma nd.

If the sticky comm and is execute d without a MAC add ress speci fied, all MAC addresses t hat are le arned

on that port will be made sticky. You can also specify a specific MAC address to be a sticky address by

entering the sticky keyword next to it.

You can configure the sticky feature even when port security is not enabled on the interface. The feature

becomes operational when you enable port security on the interface.

You can use the no form of the sticky command only if the sticky feature is already enabled on the

interface.

Examples This example shows how to set the aging time to 2 hours (120 minutes) for the secure addresses on the

Fast Ethernet port 12:

Switch(config)# interface fastethernet 0/12

Switch(config-if)# switchport port-security aging time 120

Switch(config-if)#

This example shows how to set the aging timer type to Inactivity for the secure addresses on the Fast

Ethernet port 12:

Switch(config)# interface fastethernet 0/12

Switch(config-if)# switch port-security aging type inactivity

Switch(config-if)#

The following example shows how to configure rate limit for invalid source packets on Fast Ethernet

port 12:

Switch(config)# interface fastethernet 0/12

Switch(config-if)# switchport port-security limit rate invalid-source-mac 100

Switch(config-if)#

The following example shows how to configure rate limit for invalid source packets on Fast Ethernet

port 12:

Switch(config)# interface fastethernet 0/12

Switch(config-if)# switchport port-security limit rate invalid-source-mac none

Switch(config-if)#

You can verify the settings for all secure ports or the specified port by usin g the show port-security

privileged EXEC command.

This example shows how to remove all sticky and static addresses that are configured on the interface:

Switch(config)# interface fastethernet 2/12

Switch(config-if)# no switchport port-security mac-address

Switch(config-if)

This example shows how to configure a se cure MAC address on Fast Etherne t port 12:

Switch(config)# interface fastethernet 0/12

Switch(config-if)# switchport mode access

Switch(config-if)# switchport port-security