Cisco Catalyst 3750 Command Reference Manual, page 877


Chapter 2 Catalyst 3750 Switch Cisco IOS Commands
switchport port-security

vlan [vlan-list]
    (Optional) For trunk ports, you can set the maximum number of secure MAC addresses on a VLAN. If the vlan keyword is not entered, the default value is used.
    vlan: set a per-VLAN maximum value.
    vlan vlan-list: set a per-VLAN maximum value on a range of VLANs separated by a hyphen or a series of VLANs separated by commas. For nonspecified VLANs, the per-VLAN maximum value is used.

violation
    (Optional) Set the security violation mode or the action to be taken if port security is violated. The default is shutdown.

protect
    Set the security violation protect mode. In this mode, when the number of port secure MAC addresses reaches the maximum limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses to drop below the maximum value or increase the number of maximum allowable addresses. You are not notified that a security violation has occurred.
    Note: We do not recommend configuring the protect mode on a trunk port. The protect mode disables learning when any VLAN reaches its maximum limit, even if the port has not reached its maximum limit.

restrict
    Set the security violation restrict mode. In this mode, when the number of secure MAC addresses reaches the limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses or increase the number of maximum allowable addresses. An SNMP trap is sent, a syslog message is logged, and the violation counter increments.

shutdown
    Set the security violation shutdown mode. In this mode, the interface is error-disabled when a violation occurs and the port LED turns off. An SNMP trap is sent, a syslog message is logged, and the violation counter increments. When a secure port is in the error-disabled state, you can bring it out of this state by entering the errdisable recovery cause psecure-violation global configuration command, or you can manually re-enable it by entering the shutdown and no shutdown interface configuration commands.

shutdown vlan
    Set the security violation mode to per-VLAN shutdown. In this mode, only the VLAN on which the violation occurred is error-disabled.

Defaults
The default is to disable port security.
When port security is enabled and no keywords are entered, the default maximum number of secure MAC addresses is 1.
The default violation mode is shutdown.
Sticky learning is disabled.

Command Modes
Interface configuration

Catalyst 3750 Switch Command Reference, OL-8552-07
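
Added example (not part of the Cisco manual): a small Python audit that reads interface stanzas from a saved configuration, fills in the defaults listed on this page, and flags ports where port security is not enabled or where protect mode hides violations. The sample configuration, the function names and the finding texts are constructed for illustration.

```python
import re

# Defaults stated on this page: disabled, maximum 1, violation shutdown.
DEFAULTS = {"enabled": False, "maximum": 1, "violation": "shutdown", "trunk": False}
OPTION = re.compile(r"switchport port-security (maximum|violation) (.+)")

# Constructed sample configuration, not from a real device.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport port-security
!
interface GigabitEthernet1/0/2
 switchport mode trunk
 switchport port-security
 switchport port-security maximum 20
 switchport port-security violation protect
!
interface GigabitEthernet1/0/3
 switchport port-security maximum 2
 switchport port-security violation restrict
"""

def effective_settings(config):
    """Return {interface: settings} with the page's defaults filled in."""
    ports, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            cur = ports.setdefault(line.split(None, 1)[1], dict(DEFAULTS))
        elif cur is None or not raw.startswith(" "):
            cur = None  # outside an interface stanza
        elif line == "switchport mode trunk":
            cur["trunk"] = True
        elif line == "switchport port-security":
            cur["enabled"] = True  # only the bare command enables the feature
        elif m := OPTION.fullmatch(line):
            key, value = m.groups()
            cur[key] = int(value.split()[0]) if key == "maximum" else value
    return ports

def findings(ports):
    """Flag ports that are unprotected or that drop frames without notification."""
    out = []
    for name, s in ports.items():
        if not s["enabled"]:
            out.append((name, "port security not enabled"))
        elif s["violation"] == "protect":
            out.append((name, "protect mode on a trunk port" if s["trunk"] else "protect mode: no notification"))
    return out
```

Run on the sample, GigabitEthernet1/0/3 is reported as not enabled because its stanza sets a maximum and a violation mode but never enters the bare switchport port-security command.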
