Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 55 Configuring Port Security
Configuring Port Security on Access Ports
Step 7
Command: Switch(config-if)# [no] switchport port-security violation {restrict | shutdown | shutdown vlan}
Purpose: (Optional) Sets the violation mode, the action to be taken when a security violation is detected, as one of these:
• restrict—A port security violation restricts data and causes the SecurityViolation counter to increment and an SNMP trap notification to be sent.
• shutdown—The interface is error-disabled when a security violation occurs.
• shutdown vlan—Use to set the security violation mode for each VLAN. In this mode, the VLAN is error-disabled instead of the entire port when a violation occurs.
Note: When a secure port is in the error-disabled state, you can bring it out of this state by entering the errdisable recovery cause psecure-violation global configuration command, or you can manually reenable it by entering the shutdown and no shutdown interface configuration commands.
To return the violation mode to the default condition (shutdown mode), use the no switchport port-security violation shutdown command.
Step 8
Command: Switch(config-if)# switchport port-security limit rate invalid-source-mac packets_per_sec
Purpose: Sets the rate limit for bad packets. Default is 10 pps.
Step 9
Command: Switch(config-if)# [no] switchport port-security mac-address mac_address
Purpose: (Optional) Enters a secure MAC address for the interface. You can use this command to configure secure MAC addresses. If you configure fewer secure MAC addresses than the maximum, the remaining MAC addresses are dynamically learned.
To delete a MAC address from the address table, use the no switchport port-security mac-address mac_address command.
Note: This command only applies to access, PVLAN host, and PVLAN promiscuous mode. For more details on PVLAN, trunk, or regular trunk mode, refer to the “Configuring Port Security on Trunk .
Step 10
Command: Switch(config-if)# [no] switchport port-security mac-address sticky
Purpose: (Optional) Enables sticky learning on the interface.
To disable sticky learning on an interface, use the no switchport port-security mac-address sticky command. The interface converts the sticky secure MAC addresses to dynamic secure addresses.
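The following is an added example, not part of the Cisco guide: a small audit script that reads interface blocks from a saved configuration and reports the effective Step 7 to Step 10 settings, filling in the defaults stated above (shutdown mode, 10 pps) when a command is absent. The function name, the sample interfaces, and the sample values are constructed for illustration; the bare switchport port-security line it checks for is the enabling command, which is not among the steps shown on this page.

```python
import re

# Constructed sample configuration fragment (not taken from the guide).
SAMPLE_CONFIG = """\
interface GigabitEthernet2/1
 switchport port-security
 switchport port-security violation restrict
 switchport port-security limit rate invalid-source-mac 50
 switchport port-security mac-address 0000.1111.2222
!
interface GigabitEthernet2/2
 switchport port-security
 switchport port-security mac-address sticky
!
interface GigabitEthernet2/3
 switchport port-security
 switchport port-security violation shutdown vlan
"""

PREFIX = "switchport port-security"
MAC_RE = re.compile(r"^[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}$", re.I)

def audit_port_security(config_text):
    """Return {interface: settings} for the Step 7-10 commands, defaults filled in."""
    report, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if raw[:1] not in (" ", "\t"):      # a top-level line ends any interface block
            current = None
            if raw.startswith("interface "):
                # Defaults stated in the guide: shutdown violation mode, 10 pps.
                current = report.setdefault(line.split(None, 1)[1], {
                    "enabled": False, "violation": "shutdown", "rate_pps": 10,
                    "sticky": False, "static_macs": []})
            continue
        if current is None or not line.startswith(PREFIX):
            continue
        args = line[len(PREFIX):].split()
        if not args:                        # bare enabling command
            current["enabled"] = True
        elif args[0] == "violation" and len(args) > 1:
            current["violation"] = " ".join(args[1:])   # restrict | shutdown | shutdown vlan
        elif args[:3] == ["limit", "rate", "invalid-source-mac"] and len(args) == 4:
            current["rate_pps"] = int(args[3])
        elif args[:2] == ["mac-address", "sticky"]:
            current["sticky"] = True
        elif args[0] == "mac-address" and len(args) == 2 and MAC_RE.match(args[1]):
            current["static_macs"].append(args[1].lower())
    return report
```

Running audit_port_security over a saved configuration gives one dictionary per interface, which makes it easy to list ports that use restrict instead of the default shutdown mode or that have no static or sticky addresses.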