Table of Contents
Advertisement
Chapter 16
Configuring Port Security
Restricting Traffic Based on the Host MAC Address
You can filter traffic based on a host MAC address, so that packets tagged with a specific source MAC
address are discarded. When you specify a MAC address filter with the set cam filter command,
incoming traffic from that host MAC address is dropped, and packets addressed to that host are not
forwarded.
Note
The set cam filter command allows filtering for unicast addresses only. You cannot filter traffic for
multicast addresses with this command.
Port Security Configuration Guidelines
Follow these guidelines when configuring port security:
•
•
•
Configuring Port Security
These sections describe how to configure port security:
•
•
•
•
•
•
•
•
•
78-12647-02
You cannot configure port security on a SPAN destination port and vice versa.
You cannot configure dynamic, static, or permanent CAM entries on a secure port.
When you enable port security on a port, any static or dynamic CAM entries associated with the port
are cleared; any currently configured permanent CAM entries are treated as secure.
Enabling Port Security, page 16-4
Specifying the Maximum Number of Secure MAC Addresses, page 16-4
Specifying the Port Security Age Time, page 16-5
Clearing MAC Addresses, page 16-5
Specifying Security Violation Action, page 16-6
Specifying Shutdown Time, page 16-6
Disabling Port Security, page 16-7
Restricting Traffic Based on Host MAC Address, page 16-7
Monitoring Port Security, page 16-8
Software Configuration Guide—Catalyst 4000 Family, Catalyst 2948G, Catalyst 2980G, Releases 6.3 and 6.4
Port Security Configuration Guidelines
16-3
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
