Information About Port Security; Port Security; Types Of Secure Mac Addresses; Sticky Secure Mac Addresses - Cisco Catalyst 2960-XR Security Configuration Manual
Ios release 15.0 2 ex1
Hide thumbs
Also See for Catalyst 2960-XR:
- Configuration manual (196 pages) ,
- Configuration manuals (120 pages) ,
- Reference (52 pages)
Table of Contents
Advertisement
Information About Port Security
Information About Port Security
Port Security
You can use the port security feature to restrict input to an interface by limiting and identifying MAC addresses
of the stations allowed to access the port. When you assign secure MAC addresses to a secure port, the port
does not forward packets with source addresses outside the group of defined addresses. If you limit the number
of secure MAC addresses to one and assign a single secure MAC address, the workstation attached to that
port is assured the full bandwidth of the port.
If a port is configured as a secure port and the maximum number of secure MAC addresses is reached, when
the MAC address of a station attempting to access the port is different from any of the identified secure MAC
addresses, a security violation occurs. Also, if a station with a secure MAC address configured or learned on
one secure port attempts to access another secure port, a violation is flagged.
Related Topics
Enabling and Configuring Port Security, on page 340
Configuration Examples for Port Security, on page 347
Types of Secure MAC Addresses
The switch supports these types of secure MAC addresses:
• Static secure MAC addresses—These are manually configured by using the switchport port-security
• Dynamic secure MAC addresses—These are dynamically configured, stored only in the address table,
• Sticky secure MAC addresses—These can be dynamically learned or manually configured, stored in
Sticky Secure MAC Addresses
You can configure an interface to convert the dynamic MAC addresses to sticky secure MAC addresses and
to add them to the running configuration by enabling sticky learning. The interface converts all the dynamic
secure MAC addresses, including those that were dynamically learned before sticky learning was enabled, to
sticky secure MAC addresses. All sticky secure MAC addresses are added to the running configuration.
The sticky secure MAC addresses do not automatically become part of the configuration file, which is the
startup configuration used each time the switch restarts. If you save the sticky secure MAC addresses in the
configuration file, when the switch restarts, the interface does not need to relearn these addresses. If you do
not save the sticky secure addresses, they are lost.
If sticky learning is disabled, the sticky secure MAC addresses are converted to dynamic secure addresses
and are removed from the running configuration.
Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1
336
mac-address mac-address interface configuration command, stored in the address table, and added to
the switch running configuration.
and removed when the switch restarts.
the address table, and added to the running configuration. If these addresses are saved in the configuration
file, when the switch restarts, the interface does not need to dynamically reconfigure them.
Configuring Port-Based Traffic Control
OL-29434-01
Advertisement
Table of Contents
