Port Security - Cisco Catalyst 2000 Configuration Handbook
Port Security

You can use the port security feature to limit and identify the MAC addresses of the stations
allowed to access a port. This restricts input to an interface. When you assign secure
MAC addresses to a secure port, the port does not forward packets with source addresses
outside the group of defined addresses. If you limit the number of secure MAC
addresses to one and assign a single secure MAC address, the workstation attached to
that port is assured the full bandwidth of the port. If a port is configured as a secure port
and the maximum number of secure MAC addresses has been reached, a security violation
occurs when a station whose MAC address differs from all of the identified secure MAC
addresses attempts to access the port. A violation is also flagged if a station with a secure
MAC address configured or learned on one secure port attempts to access another secure
port. The default violation mode is shutdown: on a violation the port is placed in the
error-disabled state and stays there until it is recovered manually or by errdisable recovery.
Keep in mind that port security keys only on the source MAC address of incoming frames. It
stops accidental connections and MAC-flooding attacks against the CAM table, but an attacker
who spoofs the MAC address of an allowed station is not detected, so it is not a substitute
for 802.1X authentication where the identity of the attached host matters.
Feature Example
The port security feature is shown configured on the FastEthernet 1/0/2 interface; only
MAC address 0011.858D.9AF9 is allowed on that interface. By default, the maximum number
of secure MAC addresses for the interface is one and the violation mode is shutdown, so the
violation shutdown command in the example only makes the default explicit. You can issue
the show port-security interface fastEthernet 1/0/2 command to verify the port security
status for the interface, including the violation mode, the configured maximum, the number
of addresses learned, the last source address seen and the security violation count:
switch(config)# interface fastEthernet 1/0/2
switch(config-if)# switchport mode access
switch(config-if)# switchport port-security
switch(config-if)# switchport port-security mac-address 0011.858D.9AF9
switch(config-if)# switchport port-security violation shutdown
Verification
Now we connect a different device into the FastEthernet 1/0/2 interface:
00:22:51: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa1/0/2, putting Fa1/0/2 in err-disable state
00:22:51: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.8565.4B75 on port FastEthernet1/0/2.
00:22:52: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/2, changed state to down
00:22:53: %LINK-3-UPDOWN: Interface FastEthernet1/0/2, changed state to down
Note: The port is now error-disabled. To bring it back automatically, use the errdisable
recovery cause psecure-violation global configuration command (the show errdisable recovery
command shows whether recovery is enabled for this cause and the timer interval), or
manually reenable the port by entering the shutdown and no shutdown interface configuration
commands. Reenabling the port without removing the offending station simply triggers the
violation again.
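As an added example (not from the handbook), the following Python script parses syslog lines of the kind shown above: it extracts the offending MAC address and port from each %PORT_SECURITY-2-PSECURE_VIOLATION message, links it to any %PM-4-ERR_DISABLE message for the same port (IOS abbreviates the interface name in one message and spells it out in the other), and checks the offender against the configured secure MACs. The log lines and the secure-MAC table are constructed from the page's example; the second violation on GigabitEthernet1/0/5 is an invented line to show a violation that did not error-disable the port.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Set

# Constructed sample log, modelled on the syslog output shown on the page.
# The last line is invented: a violation with no accompanying ERR_DISABLE
# message, as you would see with violation mode restrict or protect.
SAMPLE_LOG = """\
00:22:51: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa1/0/2, putting Fa1/0/2 in err-disable state
00:22:51: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.8565.4B75 on port FastEthernet1/0/2.
00:22:52: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/2, changed state to down
00:22:53: %LINK-3-UPDOWN: Interface FastEthernet1/0/2, changed state to down
00:25:10: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.8565.4b76 on port GigabitEthernet1/0/5.
"""

# Secure MACs per port, taken from the page's configuration (assumption: one port, one MAC).
SECURE_MACS: Dict[str, Set[str]] = {"FastEthernet1/0/2": {"0011.858D.9AF9"}}

# Short and long interface prefixes used by IOS syslog messages.
_IF_PREFIXES = {"Fa": "FastEthernet", "Gi": "GigabitEthernet", "Te": "TenGigabitEthernet"}

VIOLATION_RE = re.compile(
    r"^(?P<ts>\S+): %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, "
    r"caused by MAC address (?P<mac>[0-9A-Fa-f.]{14}) on port (?P<port>\S+?)\.?$"
)
ERR_DISABLE_RE = re.compile(
    r"^(?P<ts>\S+): %PM-4-ERR_DISABLE: psecure-violation error detected on (?P<port>\S+?),"
)


def normalize_ifname(name: str) -> str:
    """Expand an abbreviated interface name (Fa1/0/2) to its long form (FastEthernet1/0/2)."""
    m = re.match(r"^([A-Za-z]+)(\d.*)$", name)
    if not m:
        return name
    prefix, rest = m.groups()
    for short, long in _IF_PREFIXES.items():
        if prefix in (short, long):
            return long + rest
    return name


def normalize_mac(mac: str) -> str:
    """Canonical lower-case hhhh.hhhh.hhhh form so MACs from config and log compare reliably."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(hexdigits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ".".join(hexdigits[i:i + 4] for i in range(0, 12, 4))


@dataclass
class Violation:
    timestamp: str
    port: str
    mac: str
    err_disabled: bool   # True when the same port was also put in err-disable state
    mac_is_secure: bool  # True would mean a configured MAC tripped the violation: investigate


def parse_violations(log: str, secure: Dict[str, Set[str]]) -> List[Violation]:
    """Extract port-security violations and correlate them with err-disable events per port."""
    err_disabled_ports = set()
    matches = []
    for line in log.splitlines():
        m = ERR_DISABLE_RE.match(line)
        if m:
            err_disabled_ports.add(normalize_ifname(m.group("port")))
            continue
        m = VIOLATION_RE.match(line)
        if m:
            matches.append(m)
    out = []
    for m in matches:
        port = normalize_ifname(m.group("port"))
        mac = normalize_mac(m.group("mac"))
        allowed = {normalize_mac(a) for a in secure.get(port, set())}
        out.append(Violation(m.group("ts"), port, mac, port in err_disabled_ports, mac in allowed))
    return out


if __name__ == "__main__":
    for v in parse_violations(SAMPLE_LOG, SECURE_MACS):
        state = "port err-disabled" if v.err_disabled else "port still forwarding"
        print(f"{v.timestamp} {v.port}: violation by {v.mac} ({state}); "
              f"offender in secure list: {v.mac_is_secure}")
```

The err_disabled flag matters operationally: with the default shutdown mode the offending station is cut off, but under restrict or protect the port keeps forwarding for the secure addresses, so the violation is a signal to act on rather than an outage report. The mac_is_secure check catches the case where a MAC that is configured on one secure port shows up on another, which the page describes as a violation too.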
