Default Port Blocking Configuration; Blocking Flooded Traffic On An Interface; Configuring Port Security - Cisco 3020 - Catalyst Blade Switch Configuration Manual

Chapter 19 Configuring Port-Based Traffic Control

Default Port Blocking Configuration

The default is to not block flooding of unknown multicast and unicast traffic out of a port, but to flood
these packets to all ports.

Blocking Flooded Traffic on an Interface

The interface can be a physical interface or an EtherChannel group. When you block multicast or unicast
Note
traffic for a port channel, it is blocked on all ports in the port-channel group.
Beginning in privileged EXEC mode, follow these steps to disable the flooding of multicast and unicast
packets out of an interface:
Command
Step 1
configure terminal
Step 2 interface interface-id
Step 3 switchport block multicast
Step 4 switchport block unicast
Step 5
end
Step 6 show interfaces interface-id switchport
Step 7 copy running-config startup-config
To return the interface to the default condition where no traffic is blocked and normal forwarding occurs
on the port, use the no switchport block {multicast | unicast} interface configuration commands.
This example shows how to block unicast and multicast flooding on a port:
Switch# configure terminal
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# switchport block multicast
Switch(config-if)# switchport block unicast
Switch(config-if)# end

Configuring Port Security

You can use the port security feature to restrict input to an interface by limiting and identifying MAC
addresses of the stations allowed to access the port. When you assign secure MAC addresses to a secure
port, the port does not forward packets with source addresses outside the group of defined addresses. If
you limit the number of secure MAC addresses to one and assign a single secure MAC address, the
workstation attached to that port is assured the full bandwidth of the port.
If a port is configured as a secure port and the maximum number of secure MAC addresses is reached,
when the MAC address of a station attempting to access the port is different from any of the identified
secure MAC addresses, a security violation occurs. Also, if a station with a secure MAC address
configured or learned on one secure port attempts to access another secure port, a violation is flagged.
OL-8915-01
Purpose
Enter global configuration mode.
Specify the interface to be configured, and enter interface
configuration mode.
Block unknown multicast forwarding out of the port.
Block unknown unicast forwarding out of the port.
Return to privileged EXEC mode.
Verify your entries.
(Optional) Save your entries in the configuration file.
Cisco Catalyst Blade Switch 3020 for HP Software Configuration Guide
Configuring Port Security
19-7