Invalid Packet Handling - Cisco Catalyst 4500 Series Configuration Manual

Release IOS XE 3.3.0SG and IOS 15.1(1)SG

Chapter 47
Configuring Port Security

OL-25340-01

Invalid Packet Handling

You might want to rate limit invalid source MAC address packets on a secure port if you anticipate that a device will send invalid packets (such as a traffic generator, a sniffer, or a bad NIC).

The port security feature considers the following as "invalid frames":
- Packets with a source or destination MAC address that is all zero
- Packets with a multicast or broadcast source MAC address
- Packets from an address either learned or configured on a secure interface that are observed on another secure interface in the same VLAN

You can choose to rate limit these packets. If the rate is exceeded, you can trigger a violation action for the port.

Configuring Port Security on Access Ports

These sections describe how to configure port security:
- Configuring Port Security on Access Ports
- Examples of Port Security on Access Ports

Note: Port security can be enabled on a Layer 2 port channel interface configured in access mode. The port security configuration on an EtherChannel is independent of the configuration of any member ports.

Configuring Port Security on Access Ports

To restrict traffic through a port by limiting and identifying MAC addresses of the stations allowed to access the port, perform this task:

Step 1
  Command: Switch(config)# interface interface_id
           interface port-channel port_channel_number
  Purpose: Enters interface configuration mode and specifies the interface to configure.
  Note: The interface can be a Layer 2 port channel logical interface.

Step 2
  Command: Switch(config-if)# switchport mode access
  Purpose: Sets the interface mode.
  Note: An interface in the default mode (dynamic auto) cannot be configured as a secure port.

Step 3
  Command: Switch(config-if)# [no] switchport port-security
  Purpose: Enables port security on the interface. To return the interface to the default condition as not secured, use the no switchport port-security command.
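The three invalid-frame conditions listed under Invalid Packet Handling, written out as an added Python example (not from the Cisco guide, and not a model of how the switch implements the check): it classifies frame records against a table of secure addresses and counts invalid frames per secure port. The record layout, reason labels, port names, VLANs and MAC addresses are constructed for illustration.

```python
from collections import Counter

def parse_mac(text):
    """Return the 6 raw bytes of a MAC written with ':', '-' or '.' separators."""
    digits = text.replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(digits)

def invalid_reasons(frame, secure_addrs, secure_ports):
    """List which invalid-frame conditions a frame record meets ([] if none).
    secure_addrs: {(vlan, mac_bytes): port} addresses learned or configured on secure ports
    secure_ports: set of ports with port security enabled (hypothetical data model)
    """
    src, dst = parse_mac(frame["src"]), parse_mac(frame["dst"])
    reasons = []
    if src == bytes(6) or dst == bytes(6):
        reasons.append("zero-mac")
    # The low bit of the first octet marks a group address; broadcast sets it too.
    if src[0] & 0x01:
        reasons.append("group-source")
    owner = secure_addrs.get((frame["vlan"], src))
    if owner is not None and owner != frame["port"] and frame["port"] in secure_ports:
        reasons.append("seen-on-other-secure-port")
    return reasons

def count_invalid(frames, secure_addrs, secure_ports):
    """Count invalid frames per secure port, the quantity a rate limit would act on."""
    counts = Counter()
    for frame in frames:
        if frame["port"] in secure_ports and invalid_reasons(frame, secure_addrs, secure_ports):
            counts[frame["port"]] += 1
    return counts

# Constructed sample data: port names, VLANs and MAC addresses are made up.
SECURE_PORTS = {"Gi2/1", "Gi2/2"}
SECURE_ADDRS = {(10, parse_mac("00:11:22:33:44:55")): "Gi2/1"}
FRAMES = [
    {"port": "Gi2/1", "vlan": 10, "src": "00:11:22:33:44:55", "dst": "00:aa:bb:cc:dd:ee"},
    {"port": "Gi2/1", "vlan": 10, "src": "00:00:00:00:00:00", "dst": "00:aa:bb:cc:dd:ee"},
    {"port": "Gi2/2", "vlan": 10, "src": "ff:ff:ff:ff:ff:ff", "dst": "00:aa:bb:cc:dd:ee"},
    {"port": "Gi2/2", "vlan": 10, "src": "00:11:22:33:44:55", "dst": "00:aa:bb:cc:dd:ee"},
    {"port": "Gi2/2", "vlan": 20, "src": "00:11:22:33:44:55", "dst": "00:aa:bb:cc:dd:ee"},
    {"port": "Gi2/3", "vlan": 10, "src": "00:11:22:33:44:55", "dst": "00:aa:bb:cc:dd:ee"},
]

if __name__ == "__main__":
    print(dict(count_invalid(FRAMES, SECURE_ADDRS, SECURE_PORTS)))
```

The same address on VLAN 20, or on a port without port security, is not flagged, which matches the "another secure interface in the same VLAN" wording of the third condition.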
