Chapter 43
Configuring Port Security
This example shows how to configure the restrict security violation mode on Fast Ethernet port 5/12:
Router# configure terminal
Enter configuration commands, one per line.
Router(config)# interface fastethernet 3/12
Router(config-if)# switchport port-security violation restrict
Router(config-if)# do show port-security interface fastethernet 5/12 | include Restrict
Violation Mode
Configuring the Maximum Number of Secure MAC Addresses on a Port
To configure the maximum number of secure MAC addresses on a port, perform this task:
Command
Step 1
Router(config)# interface type
Step 2
Router(config-if)# switchport port-security
maximum number_of_addresses vlan {vlan_ID |
vlan_range}
Router(config-if)# no switchport port-security
maximum
Step 3
Router(config-if)# do show port-security
1
interface type
1.
type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
When configuring the maximum number of secure MAC addresses on a port, note the following
information:
•
•
This example shows how to configure a maximum of 64 secure MAC addresses on Fast Ethernet
port 5/12:
Router# configure terminal
Enter configuration commands, one per line.
Router(config)# interface fastethernet 3/12
Router(config-if)# switchport port-security maximum 64
Router(config-if)# do show port-security interface fastethernet 5/12 | include Maximum
Maximum MAC Addresses
OL-11439-03
1
slot/port
slot/port | include Maximum
The range for number_of_addresses is 1 to 4,097.
Port security supports trunks.
On a trunk, you can configure the maximum number of secure MAC addresses both on the trunk
–
and for all the VLANs on the trunk.
You can configure the maximum number of secure MAC addresses on a single VLAN or a range
–
of VLANs.
For a range of VLANs, enter a dash-separated pair of VLAN numbers.
–
You can enter a comma-separated list of VLAN numbers and dash-separated pairs of VLAN
–
numbers.
Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY
End with CNTL/Z.
: Restrict
Purpose
Selects the LAN port to configure.
Sets the maximum number of secure MAC addresses for
the port (default is 1).
Per-VLAN configuration is supported only on
Note
trunks.
Reverts to the default configuration.
Verifies the configuration.
End with CNTL/Z.
: 64
Configuring Port Security
43-7