Example Of Port Security On A Private Vlan Promiscuous Port - Cisco Catalyst 4500 Series Software Configuration Manual
Cisco ios xe release 3.9.xe and cisco ios release 15.2(5)ex
Hide thumbs
Also See for Catalyst 4500 Series:
- Administration manual (1814 pages) ,
- Configuration manual (1610 pages) ,
- Command reference manual (1230 pages)
Table of Contents
Advertisement
Chapter 55
Configuring Port Security
Example of Port Security on a Private VLAN Promiscuous Port
The following example shows how to configure port security on a private VLAN promiscuous port, Fast
Ethernet interface 3/12:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# vlan 6
Switch(config-vlan)# private-vlan isolated
Switch(config-vlan)# exit
Switch(config)# vlan 3
Switch(config-vlan)# private-vlan primary
Switch(config-vlan)# private-vlan association add 6
Switch(config-vlan)# exit
Switch(config)# interface fastethernet 3/12
Switch(config-if)# switchport mode private-vlan promiscuous
Switch(config-if)# switchport mode private-vlan mapping 3 6
Switch(config-if)# switchport port-security
Switch(config-if)# end
Configuring Port Security on Trunk Ports
You might want to configure port security on trunk ports in metro aggregation to limit the number of
MAC addresses per-VLAN. Trunk port security extends port security to trunk ports. It restricts the
allowed MAC addresses or the maximum number of MAC addresses to individual VLANs on a trunk
port. Trunk port security enables service providers to block the access from a station with a different
MAC address than the ones specified for that VLAN on that trunk port. Trunk port security is also
supported on private VLAN trunk ports.
Note
Port security can be enabled on a Layer 2 port channel interface configured in mode. The port security
configuration on an EtherChannel is kept independent of the configuration of any physical member
ports.
These sections describe how to configure trunk port security:
•
•
•
Configuring Trunk Port Security
Trunk port security is used when a Catalyst 4500 series switch has a dot1q or isl trunk attached to a
neighborhood Layer 2 switch. This may be used, for example, in metro aggregation networks
(Figure
Configuring Trunk Port Security, page 55-17
Examples of Trunk Port Security, page 55-19
Trunk Port Security Configuration Guidelines and Restrictions, page 55-21
55-2).
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Configuring Port Security on Trunk Ports
55-17
Advertisement
Chapters
Table of Contents
Troubleshooting
