Port Security And Switch Stacks; Port Security And Private Vlans - Cisco Catalyst 3750-X Software Configuration Manual

Configuring Port Security
To disable port security aging for all secure addresses on a port, use the no switchport port-security
aging time interface configuration command. To disable aging for only statically configured secure
addresses, use the no switchport port-security aging static interface configuration command.
This example shows how to set the aging time as 2 hours for the secure addresses on a port:
Switch(config)# interface gigabitethernet1/0/1
Switch(config-if)# switchport port-security aging time 120
This example shows how to set the aging time as 2 minutes for the inactivity aging type with aging
enabled for the configured secure addresses on the interface:
Switch(config-if)# switchport port-security aging time 2
Switch(config-if)# switchport port-security aging type inactivity
Switch(config-if)# switchport port-security aging static
You can verify the previous commands by entering the show port-security interface interface-id
privileged EXEC command.

Port Security and Switch Stacks

When a switch joins a stack, the new switch will get the configured secure addresses. All dynamic secure
addresses are downloaded by the new stack member from the other stack members.
When a switch (either the stack master or a stack member) leaves the stack, the remaining stack members
are notified, and the secure MAC addresses configured or learned by that switch are deleted from the
secure MAC address table. For more information about switch stacks, see
Stacks."

Port Security and Private VLANs

Port security allows an administrator to limit the number of MAC addresses learned on a port or to define
which MAC addresses can be learned on a port.
Beginning in privileged EXEC mode, follow these steps to configure port security on a PVLAN host and
promiscuous ports:
Command
Step 1
configure terminal
Step 2 interface interface-id
switchport mode private-vlan {host |
Step 3
promiscuous}
Step 4
switchport port-security
Step 5
end
show port-security [interface interface-id]
Step 6
[address]
Step 7
copy running-config startup-config
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
28-18
Chapter 28
Purpose
Enter global configuration mode.
Specify the interface to be configured, and enter interface
configuration mode.
Enable a private vlan on the interface.
Enable port security on the interface.
Return to privileged EXEC mode.
Verify your entries.
(Optional) Save your entries in the configuration file.
Configuring Port-Based Traffic Control
Chapter 5, "Managing Switch
OL-21521-01