7-11
Catalyst 2900 Series XL and Catalyst 3500 Series XL Software Configuration Guide
78-6511-08
Chapter 7 Configuring the Switch Ports
Enabling Port Security
Disabling Port Security
Beginning in privileged EXEC mode, follow these steps to disable port security:
Configuring Port Security Aging
Note
This feature is not available on the Catalyst 2900 LRE XL switches.
You can use port security aging to set the aging time for all dynamic and static secure addresses on a
port. When port security aging is enabled on a port, the secure addresses on the port are deleted only if
the secure addresses are inactive for the specified aging time.
Use this feature to remove and add PCs on a secure port without manually deleting the existing secure
MAC addresses and to still limit the number of secure addresses on a port.
Beginning in privileged EXEC mode, follow these steps to enable the port security aging feature:
Step 3
port security max-mac-count 1
Secure the port and set the address table to one address.
Step 4
port security action shutdown
Set the port to shutdown when a security violation occurs.
Step 5
end
Return to privileged EXEC mode.
Step 6
show port security
Verify the entry.
Command
Purpose
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
interface interface
Enter interface configuration mode for the port you want to disable port
security.
Step 3
no port security
Disable port security.
Step 4
end
Return to privileged EXEC mode.
Step 5
show port security
Verify the entry.
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
interface interface
Enter interface configuration mode for the port on which you want to enable
port security aging.
Step 3
port security aging time time
Enable port security aging for this port and set the aging time. For time,
specify the age time for this port. Valid range is from 0 to 1440 minutes. If the
time is equal to 0, aging is disabled for this port.
Step 4
end
Return to privileged EXEC mode.
Step 5
show port security [interface-id]
Verify the entry.