Specifications
2-863
Catalyst 4500 Se ries S wit ch C is co IO S C om mand R efer ence —Re lease I OS XE 3 .3.0 XO(1 5.1 (1)XO)
OL_28738 -01
Chapter 2 Cisco IOS Commands for the Catalyst 4500 Series Switches
switchport port-sec urity
Switch(config-if)# switchport port-security mac-address 1000.2000.3000
Switch(config-if)
This example shows how to make all MAC addresses learned on Fast Ethernet port 12 sticky:
Switch(config)# interface fastethernet 2/12
SSwitch(config-if)# switchport port-security mac-address sticky
Switch(config-if)
This example shows how to make MAC address 1000. 2000.3000 sticky on Fast Ethernet port 12:
Switch(config)# interface fastethernet 2/12
Switch(config-if)# switchport port-security mac-address sticky 1000.2000.3000
Switch(config-if)
This example shows how to disable the sticky fea ture on Fast Ethernet por t 12:
Switch(config)# interface fastethernet 2/12
Switch(config-if)# no switchport port-security mac-address sticky
Switch(config-if)
Note This command makes all sticky addresses on this interface normal learned entries. It does not delete the
entries from the secure MAC address t able.
Note The following examples show how to configure sticky secure MAC addresses in access and voice
VLANs on interfaces with voice VLAN configured. If you do not have voice V LAN configured the
vlan [access | voice] keywords are not supported.
This example shows how to con figure st icky MAC addres ses for voice and data V LANs on Fast Etherne t
interface 5/1 and to verify the configu ration:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface fa5/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security mac-address sticky 0000.0000.obob vlan voice
Switch(config-if)# switchport port-security mac-address sticky 0000.0000.0005 vlan access
Switch(config-if)# end
This example shows how to designate a maximu m of one MAC address for a voice VLAN (for a Cisc o
IP Phone, let’s say) and one MAC address for the data VLAN (for a PC, let’s say) on Fast Ethernet
interface 5/1 and to verify the configu ration:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface fastethernet 5/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# switchport port-security maximum 1 vlan voice
Switch(config-if)# switchport port-security maximum 1 vlan access
Switch(config-if)# end
This example shows how to configure a port to shut dow n only the VLAN if a violation oc curs:
Switch(config)# interface gigabitethernet 5/1
Switch(config)# switchport port-security violation shutdown vlan