Switchport Port-Security - Cisco 4500M Command Reference Manual

switchport port-security

switchport port-security
To enable port security on an interface, use the switchport port-security command. To disable port
security and set parameters to their default states, use the no form of this command.
Syntax Description
aging
static
time time
type absolute
type inactivity
limit rate
invalid-source-mac
N none
mac-address mac-address
sticky
maximum value
violation
restrict
shutdown
Defaults
The default settings are as follows:
•
Catalyst4500 Series SwitchCiscoIOS Command Reference—Release 12.2(18)EW
2-464
switchport port-security [aging {static | time time | type {absolute | inactivity}} |
limit rate invalid-source-mac [N | none ] | mac-address mac-address | mac-address sticky
[mac-address] | maximum value | violation {restrict | shutdown}]
no switchport port-security [aging {static | time time | type {absolute | inactivity}} |
limit rate invalid-source-mac [N | none ] | mac-address mac-address | mac-address sticky
[mac-address] | maximum value | violation {restrict | shutdown}]
Port security is disabled.
Chapter2 Cisco IOS Commands for the Catalyst 4500 Series Switches
(Optional) Specifies aging for port security.
(Optional) Enables aging for statically configured secure addresses on
this port.
(Optional) Specifies the aging time for this port. The valid values are
from 0 to 1440 minutes. If the time is 0, aging is disabled for this port.
(Optional) Sets the aging type as absolute aging. All the secure
addresses on this port age out exactly after the time (minutes) specified
and are removed from the secure address list.
(Optional) Sets the aging type as inactivity aging. The secure addresses
on this port age out only if there is no data traffic from the secure source
address for the specified time period.
(Optional) Sets the rate limit for bad packets. This rate limit also applies
to the port where DHCP snooping security mode is enabled as filtering
the IP and MAC address.
(Optional) Supplies a rate limit (N) or indicates none ( none ).
(Optional) Specifies a secure MAC address for the interface; a 48-bit
MAC address. You can add additional secure MAC addresses up to the
maximum value that is configured.
(Optional) Configures dynamic addresses as sticky on the interface.
(Optional) Sets the maximum number of secure MAC addresses for the
interface. Valid values are from 1 to 1024. The default setting is 1.
(Optional) Sets the security violation mode and action to be taken if port
security is violated.
(Optional) Sets the security violation restrict mode. In this mode, a port
security violation restricts data and causes the security vi olation counter
to increment.
(Optional) Sets the security violation shutdown mode. In this mode, a
port security violation causes the interface to immediately become error
disabled.
78-16201-01