Table of Contents
Advertisement
Configuring Port Security
This chapter describes how to configure port security on the Catalyst 6000 family switches.
For complete syntax and usage information for the commands used in this chapter, refer to the
Note
Catalyst 6000 Family Command Reference publication.
This chapter consists of these sections:
•
•
•
Understanding How Port Security Works
You can use port security to block input to an Ethernet, Fast Ethernet, or Gigabit Ethernet port when the
MAC address of the station attempting to access the port is different from any of the MAC addresses
specified for that port. Alternatively, you can use port security to filter traffic destined to or received
from a specific host based on the host MAC address.
This section describes the following traffic filtering methods:
•
•
Allowing Traffic Based on the Host MAC Address
The total number of MAC addresses that can be specified per port is limited to the global resource of
1024 plus one default MAC address. The total number of MAC addresses on any port cannot exceed
1025.
Allocation of the maximum number of MAC addresses for each port depends on your network
configuration. The following combinations are examples of valid allocations:
•
•
•
78-13315-02
Understanding How Port Security Works, page 35-1
Port Security Configuration Guidelines, page 35-3
Configuring Port Security, page 35-3
Allowing Traffic Based on the Host MAC Address, page 35-1
Restricting Traffic Based on the Host MAC Address, page 35-2
1025 (1 + 1024) addresses on 1 port and 1 address each on the rest of the ports.
513 (1 + 512) each on 2 ports in a system and 1 address each on the rest of the ports.
901 (1 + 900) on one port, 101 (1 + 100) on another port, 25 (1 + 24) on the third port, and 1 address
each on the rest of the ports.
Catalyst 6000 Family Software Configuration Guide—Releases 6.3 and 6.4
C H A P T E R
35
35-1
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
