CHAPTER 25 | General Security Measures
Port Security
addresses when it reaches a configured maximum number. Only
incoming traffic with source addresses already stored in the dynamic or
static address table will be accepted.
◆ First use the port security max-mac-count command to set the number of addresses, and then use the port security command to enable security on the port. (The specified maximum address count is effective when port security is enabled or disabled.)
◆ Use the no port security max-mac-count command to disable port security and reset the maximum number of addresses to the default.
◆ You can also manually add secure addresses with the mac-address-table static command.
◆ A secure port has the following restrictions:
  ■ Cannot be connected to a network interconnection device.
  ■ Cannot be a trunk port.
◆ If a port is disabled due to a security violation, it must be manually re-enabled using the no shutdown command.

EXAMPLE
The following example enables port security for port 5, and sets the
response to a security violation to issue a trap message:

Console(config)#interface ethernet 1/5
Console(config-if)#port security action trap

RELATED COMMANDS
show interfaces status (710)
shutdown (705)
mac-address-table static (754)

– 640 –