Table of Contents
Advertisement
Chapter 43
Configuring Port Security
Default Port Security Configuration
Table 43-1
Table 43-1
Feature
Port security
Maximum number of secure MAC addresses
Violation mode
Port Security Guidelines and Restrictions
When configuring port security, follow these guidelines:
•
•
•
•
•
•
OL-11439-03
shows the default port security configuration for an interface.
Default Port Security Configuration
To bring a secure port out of the error-disabled state with the default port security configuration,
enter the errdisable recovery cause shutdown global configuration command, or manually
reenable it by entering the shutdown and no shut down interface configuration commands.
Enter the clear port-security dynamic global configuration command to clear all dynamically
learned secure addresses. See the Catalyst Supervisor Engine 32 PISA Cisco IOS Command
Reference, Release 12.2ZY, for complete syntax information.
Port security learns authorized MAC addresses with a bit set that causes traffic to them or from them
to be dropped. The show mac-address-table command displays the unauthorized MAC addresses,
but does not display the state of the bit. (CSCeb76844)
To preserve dynamically learned sticky MAC addresses and configure them on a port following a
bootup or a reload and after the dynamically learned sticky MAC addresses have been learned, you
must enter a write memory or copy running-config startup-config command to save them in the
startup-config file.
Port security supports private VLAN (PVLAN) ports.
Port security supports nonnegotiating trunks.
Port security only supports trunks configured with these commands:
–
switchport
switchport trunk encapsulation
switchport mode trunk
switchport nonegotiate
–
If you reconfigure a secure access port as a trunk, port security converts all the sticky and static
secure addresses on that port that were dynamically learned in the access VLAN to sticky or
static secure addresses on the native VLAN of the trunk. Port security removes all secure
addresses on the voice VLAN of the access port.
If you reconfigure a secure trunk as an access port, port security converts all sticky and static
–
addresses learned on the native VLAN to addresses learned on the access VLAN of the access
port. Port security removes all addresses learned on VLANs other than the native VLAN.
Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY
Default Port Security Configuration
Default Setting
Disabled on a port
1
Shutdown. The port shuts down when the maximum
number of secure MAC addresses is exceeded, and an
SNMP trap notification is sent.
43-3
- Quick Links:
- Product Overview
Hide quick links:
Advertisement
Table of Contents
