Cisco 2950G 24 - Catalyst Switch Software Configuration Manual page 422

Configuring Port Security
Command
Step 5 switchport port-security maximum
value
Step 6
switchport port-security violation
{protect | restrict | shutdown}
Step 7
switchport port-security mac-address
mac-address
Step 8 switchport port-security mac-address
sticky
Step 9
switchport port-security mac-address
sticky mac-address
Step 10
end
Step 11 show port-security
show port-security address
show port-security interface
interface-id
Step 12
copy running-config startup-config
Catalyst 2950 Desktop Switch Software Configuration Guide
18-8
Purpose
(Optional) Set the maximum number of secure MAC addresses for the
interface. The range is 1 to 132; the default is 1.
(Optional) Set the violation mode, the action to be taken when a security
violation is detected, as one of these:
• protect—When the number of port secure MAC addresses reaches
the maximum limit allowed on the port, packets with unknown
source addresses are dropped until you remove a sufficient number
of secure MAC addresses to drop below the maximum value.
restrict—A port security violation restricts data and causes the
•
SecurityViolation counter to increment and sends an SNMP trap.
shutdown—The interface is error-disabled when a security
•
violation occurs.
When a secure port is in the error-disabled state, you can bring
Note
it out of this state by entering the errdisable recovery cause
psecure-violation global configuration command, or you can
manually re-enable it by entering the shutdown and no
shutdown interface configuration commands.
(Optional) Enter a static secure MAC address for the interface, repeating
the command as many times as necessary. You can use this command to
enter the maximum number of secure MAC addresses. If you configure
fewer secure MAC addresses than the maximum, the remaining MAC
addresses are dynamically learned.
Note If you enable sticky learning after you enter this command, the
secure addresses that were dynamically learned are converted to
sticky secure MAC addresses and are added to the running
configuration.
(Optional) Enable stick learning on the interface.
(Optional) Enter a sticky secure MAC address, repeating the command
as many times as necessary. If you configure fewer secure MAC
addresses than the maximum, the remaining MAC addresses are
dynamically learned, are converted to sticky secure MAC addresses, and
are added to the running configuration.
Note If you do not enable sticky learning before this command is
entered, an error message appears, and you cannot enter a sticky
secure MAC address.
Return to privileged EXEC mode.
Verify your entries.
(Optional) Save your entries in the configuration file.
Chapter 18 Configuring Port-Based Traffic Control
78-14982-01