Defining The Maximum Secure Address Count; Enabling Port Security - Cisco Catalyst 2950 Software Manual

Chapter 10 Configuring the Switch Ports
For the restrictions that apply to secure ports, see the
page

Defining the Maximum Secure Address Count

A secure port can have from 1 to 132 associated secure addresses. Setting one address in the MAC
address table for the port ensures that the attached device has the full bandwidth of the port.
If the secure-port maximum addresses are set between 1 to 132 addresses and some of the secure
addresses have not been added by user, the remaining addresses are dynamically learnt and become
secure addresses.
Note If the port link goes down, all the dynamically learned addresses are removed.

Enabling Port Security

Beginning in privileged EXEC mode, follow these steps to enable port security:
Command
Step 1
configure terminal
Step 2 interface interface
Step 3
switchport port-security
Step 4
switchport port-security
maximum max_addrs
Step 5
switchport port-security
violation {shutdown | restrict |
protect}
Step 6
end
Step 7
show port security [interface
interface-id | address]
78-11380-03
14-1.
"Avoiding Configuration Conflicts" section on
Purpose
Enter global configuration mode.
Enter interface configuration mode for the port you want to secure.
Enable basic port security on the interface.
Set the maximum number of MAC addresses that is allowed on this
interface.
Set the security violation mode for the interface.
The default is shutdown.
For mode, select one of these keywords:
shutdown—The interface is shut down immediately following
•
a security violation.
• restrict—A security violation sends a trap to the network
management station.
• protect—When the port secure addresses reach the allowed
limit on the port, all packets with unknown addresses are
dropped.
Return to privileged EXEC mode.
Verify the entry.
Catalyst 2950 Desktop Switch Software Configuration Guide
Enabling Port Security
10-7