Example 7: Displaying Secured Mac Addresses For A Vlan Range On An Interface - Cisco Catalyst 4500 series Administration Manual
Hide thumbs
Also See for Catalyst 4500 series:
- Software configuration manual (2086 pages) ,
- Configuration manual (1610 pages) ,
- Command reference manual (1230 pages)
Table of Contents
Advertisement
Chapter 49
Configuring Port Security
Example 7: Displaying Secured MAC Addresses for a VLAN Range on an Interface
This example shows how to display all secure MAC addresses configured on VLANs 2 and 3 on
Gigabit Ethernet interface 1/1 with aging information for each address:
Switch# show port-security interface g1/1 address vlan 2-3
------------------------------------------------------------------------
Vlan
----
2
2
2
3
3
3
------------------------------------------------------------------------
Total Addresses: 12
Switch#
Configuring Port Security with Other Features/Environments
The following topics are discussed:
•
•
•
DHCP and IP Source Guard
You might want to configure port security with DHCP and IP Source Guard to prevent IP spoofing by
unsecured MAC addresses. IP Source Guard supports two levels of IP traffic filtering:
•
•
When used in source IP and MAC address filtering, IP Source Guard uses private ACLs to filter traffic
based on the source IP address, and uses port security to filter traffic based on the source MAC address.
Port security must be enabled on the access port in this mode.
When both features are enabled, the following limitations apply:
•
•
OL_28731-01
Secure Mac Address Table
Mac Address
Type
-----------
----
0001.0001.0001
SecureConfigured
0001.0001.0002
SecureSticky
0001.0001.0003
SecureSticky
0001.0001.0001
SecureConfigured
0001.0001.0002
SecureSticky
0001.0001.0003
SecureSticky
DHCP and IP Source Guard, page 49-31
802.1X Authentication, page 49-32
Configuring Port Security in a Wireless Environment, page 49-32
Source IP address filtering
Source IP and MAC address filtering
The DHCP packet is not subject to port security dynamic learning.
If multiple IP clients are connected to a single access port, port security cannot enforce exact binding
of source IP and MAC address for each client.
For example, these clients reside on an access port with the following IP and MAC address:
client1: MAC1 <---> IP1
–
client2: MAC2 <---> IP2e bAny combination of the source MAC and IP address traffic will be
–
allowed as shown here:
MAC1 <---> IP1, valid
–
MAC2 <---> IP2, valid
–
Configuring Port Security with Other Features/Environments
Ports
-----
Gi1/1
Gi1/1
Gi1/1
Gi1/1
Gi1/1
Gi1/1
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
Remaining Age(mins)
-------------
-
-
-
-
-
-
49-31
Advertisement
Chapters
Table of Contents
Troubleshooting
