Configuring Auto Security - Cisco Catalyst 4500 Series Software Configuration Manual

Configuring Auto Security

This chapter describes how to configure auto security on the Catalyst 4500 series switch.
It consists of these sections:
•
•
•
•
For complete syntax and usage information for the switch commands used in this chapter, see the
Note
Cisco IOS Command Reference Guides for the Catalyst 4500 Series
If a command is not in the Cisco Catalyst 4500 Series Switch Command Reference , you can locate it in
the
About Auto Security
Prior to Release IOS XE 3.6.0E and IOS 15.2(2)E, the Catalyst 4500 series switch offered IPv4 baseline
security features (like Port Security), which must be enabled globally and on per port basis. Moreover,
the baseline security feature CLIs for uplink ports differ from those for downlink CLIs.
Beginning with Release IOS XE 3.6.0E and IOS 15.2(2)E, the Catalyst 4500 series switch supports Auto
Security (AS), which provides a single line CLI, to enable base line security features.
AS supports the IPv4 baseline security features: DHCP Snooping, Dynamic ARP Inspection, and Port
Security.
Feature Interaction
Auto security interacts with Port Security, DHCP snooping, DAI modules.
DHCP Snooping
Auto Security (AS) enables DHCP Snooping globally (with the ip dhcp snooping command) and also
on VLANs 2-1005 (with the ip dhcp snooping vlan vlanid command).
About Auto Security, page 56-1
Feature Interaction, page 56-1
Configuring Auto Security, page 56-2
Guidelines and Restrictions, page 56-6
Cisco IOS Master Command List, All
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
C H A P T E R
Releases.
56
Switch.
56-1