Configuring Port Security; Understanding Port Security; Secure Mac Addresses - Cisco WS-CBS3032-DEL Software Configuration Manual

Chapter 26 Configuring Port-Based Traffic Control
To return the interface to the default condition where no traffic is blocked and normal forwarding occurs
on the port, use the no switchport block {multicast | unicast} interface configuration commands.
This example shows how to block unicast and Layer 2 multicast flooding on a port:
Switch# configure terminal
Switch(config)# interface gigabitethernet1/0/1
Switch(config-if)# switchport block multicast
Switch(config-if)# switchport block unicast
Switch(config-if)# end

Configuring Port Security

You can use the port security feature to restrict input to an uplink interface by limiting and identifying
MAC addresses of the stations allowed to access the uplink port. When you assign secure MAC
addresses to a secure port, the port does not forward packets with source addresses outside the group of
defined addresses. If you limit the number of secure MAC addresses to one and assign a single secure
MAC address, the workstation attached to that port is assured the full bandwidth of the port.
If a uplink port is configured as a secure port and the maximum number of secure MAC addresses is
reached, when the MAC address of a station attempting to access the port is different from any of the
identified secure MAC addresses, a security violation occurs. Also, if a station with a secure MAC
address configured or learned on one secure port attempts to access another secure port, a violation is
flagged.
These sections contain this conceptual and configuration information:
•
•
•
•
•
•
•

Understanding Port Security

These sections contain this conceptual information:
•
•

Secure MAC Addresses

You configure the maximum number of secure addresses allowed on an uplink port by using the
switchport port-security maximum value interface configuration command.
If you try to set the maximum value to a number less than the number of secure addresses already
Note
configured on an interface, the command is rejected.
OL-13270-06
Understanding Port Security, page 26-9
Default Port Security Configuration, page 26-11
Port Security Configuration Guidelines, page 26-12
Enabling and Configuring Port Security, page 26-13
Enabling and Configuring Port Security Aging, page 26-18
Port Security and Switch Stacks, page 26-19
Port Security and Private VLANs, page 26-20
Secure MAC Addresses, page 26-9
Security Violations, page 26-10
Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide
Configuring Port Security
26-9