Configuring Auto Security
AS configures trunk or DHCP server-facing port(s) as trusted (with the ip dhcp-snooping trust
command).
Dynamic ARP Inspection
AS enables this feature globally on all VLANs present on the switch (with the ip arp inspection vlan
vlanid) command.
AS configures the trunk port as trusted (with the ip arp inspection trust command).
Port Security
AS enables this feature on all the switch's access ports (with the switchport port-security command).]
Configuring Auto Security
Enabling auto security globally
To enable auto security globally, perform this task:
Command
Step 1
Switch# configure terminal
Step 2
Switch(config)# auto security
Step 3
Switch(config)# end
Step 4
Switch# show running-config | i security
This example shows how to enable auto security globally:
Switch(config)# auto security
Switch# show running-config | i security
auto security
Relevant baseline security feature CLI as shown in the output of the show auto security command is
applied on or removed from access and trunk ports.
Disabling auto security globally
To disable auto security globally, perform this task:
Command
Step 1
Switch# configure terminal
Step 2
Switch(config)# no auto security
Step 3
Switch(config)# end
Step 4
Switch# show running-config | isecurity
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
56-2
Purpose
Enters global configuration mode.
Enables auto security globally.
Returns to privileged EXEC mode.
(Optional) Saves your entries in the configuration file.
Purpose
Enters global configuration mode.
Dis-enables auto security globally.
Returns to privileged EXEC mode.
(Optional) Saves your entries in the configuration file.
Chapter 56
Configuring Auto Security