Cisco Catalyst 3550 series Software Configuration Manual page 461
Multilayer switch
Hide thumbs
Also See for Catalyst 3550 series:
- Reference manual (58 pages) ,
- Datasheet (21 pages) ,
- Manual (19 pages)
Table of Contents
Advertisement
Chapter 21
Configuring Port-Based Traffic Control
To return the interface to the default condition as not a secure port, use the no switchport port-security
interface configuration command. If you enter this command when sticky learning is enabled, the sticky
secure addresses remain part of the running configuration but are removed from the address table. All
addresses are now dynamically learned.
To return the interface to the default number of secure MAC addresses, use the no switchport
port-security maximum value interface configuration command.
To return the violation mode to the default condition (shutdown mode), use the no switchport
port-security violation {protect | restrict} interface configuration command.
To disable sticky learning on an interface, use the no switchport port-security mac-address sticky
interface configuration command. The interface converts the sticky secure MAC addresses to dynamic
secure addresses.
To delete a static secure MAC address from the address table, use the clear port-security configured
address mac-address privileged EXEC command. To delete all the static secure MAC addresses on an
interface or a VLAN, use the clear port-security configured interface interface-id privileged EXEC
command.
To delete a dynamic secure MAC address from the address table, use the clear port-security dynamic
address mac-address privileged EXEC command. To delete all the dynamic addresses on an interface
or a VLAN, use the clear port-security dynamic interface interface-id privileged EXEC command.
To delete a sticky secure MAC addresses from the address table, use the clear port-security sticky
address mac-address privileged EXEC command. To delete all the sticky addresses on an interface or a
VLAN, use the clear port-security sticky interface interface-id privileged EXEC command.
This example shows how to enable port security on Fast Ethernet port 1 and to set the maximum number
of secure addresses to 50. The violation mode is the default, no static secure MAC addresses are
configured, and sticky learning is enabled.
Switch# configure terminal
Enter configuration commands, one per line.
Switch(config)# interface fastethernet0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 50
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# end
Switch# show port-security interface fastethernet0/1
Port Security
Port Status
Violation Mode
Aging Time
Aging Type
SecureStatic Address Aging : Enabled
Maximum MAC Addresses
Total MAC Addresses
Configured MAC Addresses
Sticky MAC Addresses
Last Source Address
Security Violation Count
This example shows how to configure a static secure MAC address on Fast Ethernet port 12, enable
sticky learning, and verify the configuration:
Switch# configure terminal
Enter configuration commands, one per line.
Switch(config)# interface fastethernet0/12
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security mac-address 0000.02000.0004
78-11194-09
End with CNTL/Z.
: Enabled
: Secure-up
: Shutdown
: 20 mins
: Inactivity
: 50
: 11
: 0
: 11
: 0000.0000.0000
: 0
End with CNTL/Z.
Catalyst 3550 Multilayer Switch Software Configuration Guide
Configuring Port Security
21-13
Advertisement
Table of Contents
Troubleshooting
