Default Port Security Configuration; Port Security Configuration Guidelines - Cisco Catalyst 3120 Software Manual

Configuring Port Security
Table 25-1 Security Violation Mode Actions
Traffic is
Violation Mode forwarded
protect No
restrict No
shutdown No
shutdown vlan No
1. Packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses.
2. The switch returns an error message if you manually configure an address that would cause a security violation.
3. Shuts down only the VLAN on which the violation occurred.

Default Port Security Configuration

Table 25-2
Table 25-2
Feature
Port security
Sticky address learning
Maximum number of secure
MAC addresses per port
Violation mode
Port security aging

Port Security Configuration Guidelines

Follow these guidelines when configuring port security:
•
•
•
Cisco Catalyst Blade Switch 3120 for HP Software Configuration Guide
25-10
Sends SNMP
1
trap
No
Yes
Yes
Yes
shows the default port security configuration for an interface.
Default Port Security Configuration
Port security can only be configured on static access ports or trunk ports. A secure port cannot be a
dynamic access port.
A secure port cannot be a destination port for Switched Port Analyzer (SPAN).
A secure port cannot belong to a Gigabit EtherChannel port group.
Note Voice VLAN is only supported on access ports and not on trunk ports, even though the
configuration is allowed.
Sends syslog Displays error
message message
No No
Yes No
Yes No
Yes No
Default Setting
Disabled on a port.
Disabled.
1.
Shutdown. The port shuts down when the maximum number of
secure MAC addresses is exceeded.
Disabled. Aging time is 0.
Static aging is disabled.
Type is absolute.
Chapter 25 Configuring Port-Based Traffic Control
Violation
counter
2
increments
No
Yes
Yes
Yes
Shuts down port
No
No
Yes
3
No
OL-12247-01