Specifying The Security Violation Action - Cisco WS-C6506 Software Manual

Catalyst 6500 series switch

Configuring Port Security on the Switch
Chapter 38: Configuring Port Security (Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7, OL-8978-04)

This example shows how to configure the switch to disable the unicast flood packets on a port and how to verify its configuration:

Console> (enable) set port security 4/1 unicast-flood disable
Port 4/1 security flood mode set to disable.
Console> (enable) show port security 4/1
Port  Security Violation Shutdown-Time Age-Time Max-Addr Trap     IfIndex
----- -------- --------- ------------- -------- -------- -------- -------
 4/1  disabled  shutdown             0        0        1 disabled      50
Port  Num-Addr Secure-Src-Addr   Age-Left Last-Src-Addr     Shutdown/Time-Left
----- -------- ----------------- -------- ----------------- ------------------
 4/1         0                 -        -                 -        -         -
Port Flooding on Address Limit
---- -------------------------
 4/1                  Disabled
Console> (enable) show port unicast-flood 4/1
Port Unicast Flooding
---- ----------------
 4/1         Disabled
Console> (enable)

Note: The show port unicast-flood command displays the run-time status of the unicast flood blocking. The output can show the unicast flooding as either enabled or disabled, depending on whether the port has exceeded its address limitation.

Specifying the Security Violation Action

You can set the port to one of the following two modes to handle a security violation:

• Shutdown—Shuts down the port permanently or for a specified time. Permanent shutdown is the default mode.
• Restrictive—Drops all packets from the insecure hosts but remains enabled.

To specify the security violation action to be taken, perform this task in privileged mode:

Task: Specify the violation action on a port.
Command: set port security mod/port violation {shutdown | restrict}

This example shows how to specify that port 7/7 drop all packets from the insecure hosts:

Console> (enable) set port security 7/7 violation restrict
Port security violation on port 7/7 will cause insecure packets to be dropped.
Console> (enable)

Note: If you restrict the number of secure MAC addresses on a port to one and additional hosts attempt to connect to that port, port security prevents these additional hosts from connecting to that port and to any other port in the same VLAN for the duration of the VLAN aging time. By default, the VLAN aging time is 5 minutes. If a host is blocked from joining a port in the same VLAN as the secured port, allow the VLAN aging time to expire before you attempt to connect the host to the port again.
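
The following is an added example, not part of the Cisco guide: a small Python parser that reads the settings table of show port security output and reports which of the two violation modes described above each port uses. The rows for ports 7/7 and 7/8, the "enabled" column value, and the function names are assumptions made for illustration.

```python
import re

# Constructed sample in the page's `show port security` layout. Only the 4/1
# row uses the page's values; 7/7, 7/8 and the "enabled" value are assumptions.
SAMPLE = """\
Port  Security Violation Shutdown-Time Age-Time Max-Addr Trap     IfIndex
----- -------- --------- ------------- -------- -------- -------- -------
 4/1  disabled  shutdown             0        0        1 disabled      50
 7/7   enabled  restrict             0        0        1 disabled     120
 7/8   enabled  shutdown           600       60        2  enabled     121
Port  Num-Addr Secure-Src-Addr   Age-Left Last-Src-Addr     Shutdown/Time-Left
----- -------- ----------------- -------- ----------------- ------------------
 4/1         0                 -        -                 -        -         -
"""

FIELDS = ("port", "security", "violation", "shutdown_time",
          "age_time", "max_addr", "trap", "ifindex")
PORT_RE = re.compile(r"^\d+/\d+$")

def parse_port_security(text):
    """Return one dict per row of the first (settings) table only."""
    rows, in_table = [], False
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if tokens[0] == "Port":
            # Only the header that carries a Violation column starts the table.
            in_table = "Violation" in tokens
            continue
        if in_table and PORT_RE.match(tokens[0]) and len(tokens) == len(FIELDS):
            rows.append(dict(zip(FIELDS, tokens)))
    return rows

def audit(rows):
    """Map each port to a review note based on the two modes the page describes."""
    notes = {}
    for r in rows:
        if r["security"] != "enabled":
            notes[r["port"]] = "port security disabled; no violation action is enforced"
        elif r["violation"] == "restrict":
            notes[r["port"]] = "restrict: insecure packets dropped, port stays enabled"
        else:
            notes[r["port"]] = "shutdown: port is shut down on violation"
    return notes

if __name__ == "__main__":
    for port, note in audit(parse_port_security(SAMPLE)).items():
        print(port, note)
```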


This manual is also suitable for: Catalyst 6506, Catalyst 6509, Catalyst 6513