Verification
To verify the configuration of port security on the switch, use the following command:
(privileged) show port-security [interface interface-id] [address]
Feature Example
This example shows the configuration for port security. Port Fast Ethernet 2/1 is
configured to allow a single MAC address, 00-01-03-87-09-43, to access the port, and
it shuts down if security is violated. Ports 2/2 and 2/3 are configured to allow ten
addresses each, which the switch learns as devices plug into the ports, and will drop
unauthorized packets.
An example of IOS configuration follows:
Switch(config)# interface fastethernet 2/1
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security mac-address 0001.0387.0943
Switch(config-if)# switchport port-security violation shutdown
Switch(config-if)# interface fastethernet 2/2
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 10
Switch(config-if)# interface fastethernet 2/3
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 10
Switch(config-if)# end
Switch# copy running-config startup-config
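The following Python audit is an added example, not part of the original text. It reads the interface stanzas of a saved configuration and reports each port's effective port-security settings, filling in the IOS defaults (maximum 1, violation mode shutdown) where a sub-command is absent. The sample configuration is constructed from the example above plus a hypothetical FastEthernet2/4 with no port security; the function names are this example's own.

```python
import re
# IOS defaults that apply when a sub-command is absent from the stanza.
DEFAULTS = {"enabled": False, "maximum": 1, "violation": "shutdown"}
PREFIX = "switchport port-security"
MAC = re.compile(r"mac-address ((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})$", re.I)

# Constructed sample: stanzas from the example above, plus a hypothetical 2/4.
SAMPLE_CONFIG = """\
interface FastEthernet2/1
 switchport port-security
 switchport port-security mac-address 0001.0387.0943
 switchport port-security violation shutdown
!
interface FastEthernet2/2
 switchport port-security
 switchport port-security maximum 10
!
interface FastEthernet2/3
 switchport port-security
 switchport port-security maximum 10
!
interface FastEthernet2/4
 switchport mode access
"""

def audit_port_security(config_text):
    """Map each interface to its effective port-security settings."""
    ports, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = ports[line.split(None, 1)[1]] = dict(DEFAULTS, static_macs=[])
        elif not raw.startswith(" "):
            current = None  # "!" or a global command ends the stanza
        elif current is not None and line.startswith(PREFIX):
            arg = line[len(PREFIX):].strip()
            if not arg:
                current["enabled"] = True
            elif arg.startswith("maximum "):
                current["maximum"] = int(arg.split()[1])
            elif arg.startswith("violation "):
                current["violation"] = arg.split()[1]
            elif (m := MAC.search(arg)):
                current["static_macs"].append(m.group(1).lower())
    return ports

def unprotected(ports):
    # Interfaces on which port security is not enabled at all.
    return sorted(name for name, p in ports.items() if not p["enabled"])
```

Comparing this output with show port-security on the live switch confirms that the saved configuration and the running state agree.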
11-4: VLAN Access Control Lists
■ Access control lists (ACL) define how traffic is to be handled as it passes through a
network device.
■ ACLs use addressing and port information to control conversations.
■ ACLs are typically implemented in routers, but new hardware enables Layer 2 and
Layer 3 switches to consult the list before passing the packet.
■ ACLs enable users to configure any switch to control traffic based on Layer 3 and
above of the OSI reference model.
■ These ACLs are mapped to a VLAN or a Layer 2 port to control traffic flows.
■ VACLs are controlled in hardware and are not supported on all platforms.
■ Currently VACLs are supported on the 6500, 4500, 3560, and 3750 series switches.
Chapter 11: Controlling Traffic and Switch Access 175