Configuring Port Security; Understanding Port Security - Cisco WS-C3550-12G Software Configuration Manual
Multilayer switch
Hide thumbs
Also See for WS-C3550-12G:
- User manual (436 pages) ,
- Manual (278 pages) ,
- Datasheet (19 pages)
Table of Contents
Advertisement
Configuring Port Security
Configuring Port Security
You can use the port security feature to restrict input to an interface by limiting and identifying MAC
addresses of the stations allowed to access the port. When you assign secure MAC addresses to a secure
port, the port does not forward packets with source addresses outside the group of defined addresses. If
you limit the number of secure MAC addresses to one and assign a single secure MAC address, the
workstation attached to that port is assured the full bandwidth of the port.
If a port is configured as a secure port and the maximum number of secure MAC addresses is reached,
when the MAC address of a station attempting to access the port is different from any of the identified
secure MAC addresses, a security violation occurs. Also, if a station with a secure MAC address
configured or learned on one secure port attempts to access another secure port, a violation is flagged.
Understanding Port Security
After you have set the maximum number of secure MAC addresses on a port (the range is 1 to 128 with
a default of 128), the secure addresses are included in an address table in one of these ways:
•
•
•
If the port shuts down, all dynamically learned addresses are removed.
Note
Once the maximum number of secure MAC addresses is configured, they are stored in an address table.
Setting a maximum number of addresses to one and configuring the MAC address of an attached device
ensures that the device has the full bandwidth of the port.
It is a security violation when one of these situations occurs:
•
•
You can configure the interface for one of three violation modes, based on the action to be taken if a
violation occurs:
•
•
•
Catalyst 3550 Multilayer Switch Software Configuration Guide
12-8
You can configure all secure MAC addresses by using the switchport port-security mac-address
mac_address interface configuration command.
You can allow the port to dynamically configure secure MAC addresses with the MAC addresses of
connected devices.
You can configure a number of addresses and allow the rest to be dynamically configured.
The maximum number of secure MAC addresses have been added to the address table and a station
whose MAC address is not in the address table attempts to access the interface.
A station whose MAC address is configured as a secure MAC address on another secure port
attempts to access the interface.
protect—when the number of secure MAC addresses reaches the maximum limit allowed on the
port, packets with unknown source addresses are dropped until you remove a sufficient number of
secure MAC addresses to drop below the maximum value.
restrict—a port security violation causes a trap notification to be sent to the network management
station (NMS).
shutdown—a port security violation causes a the interface to shut down immediately and an SNMP
trap notification is sent. Once shut down, the interface must be manually re-enabled by using the no
shutdown interface configuration command. This is the default mode.
Chapter 12
Configuring Port-Based Traffic Control
78-11194-03
- Quick Links:
- Table of Contents
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
