55-17
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 55 Configuring Port Security
Configuring Port Security on Trunk Ports
Example of Port Security on a Private VLAN Promiscuous Port
The following example shows how to configure port security on a private VLAN promiscuous port, Fast
Ethernet interface 3/12:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# vlan 6
Switch(config-vlan)# private-vlan isolated
Switch(config-vlan)# exit
Switch(config)# vlan 3
Switch(config-vlan)# private-vlan primary
Switch(config-vlan)# private-vlan association add 6
Switch(config-vlan)# exit
Switch(config)# interface fastethernet 3/12
Switch(config-if)# switchport mode private-vlan promiscuous
Switch(config-if)# switchport private-vlan mapping 3 6
Switch(config-if)# switchport port-security
Switch(config-if)# end
Configuring Port Security on Trunk Ports
You might want to configure port security on trunk ports in metro aggregation to limit the number of
MAC addresses per VLAN. Trunk port security extends port security to trunk ports. It lets you restrict
the allowed MAC addresses, or the maximum number of MAC addresses, for individual VLANs on a trunk
port. Trunk port security enables service providers to block access from a station whose MAC address
differs from the ones specified for that VLAN on that trunk port. Trunk port security is also
supported on private VLAN trunk ports.
Note
Port security can be enabled on a Layer 2 port channel interface configured in mode. The port security
configuration on an EtherChannel is kept independent of the configuration of any physical member
ports.
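The per-VLAN behavior described above, as an added example that is not part of the Cisco guide: a simplified Python model of how one trunk port admits or rejects a source MAC address per VLAN. The class names, VLAN IDs, limits and MAC addresses are constructed for illustration, and the handling of VLANs without a configured limit is an assumption.

```python
# Simplified model of per-VLAN port security on one trunk port (added example,
# not Cisco's implementation). VLAN IDs, limits and MACs are constructed.
from dataclasses import dataclass, field


@dataclass
class VlanPolicy:
    maximum: int                                  # max secure MACs for this VLAN
    secure: set = field(default_factory=set)      # configured + learned MACs


class TrunkPortSecurity:
    def __init__(self, policies):
        self.policies = policies                  # {vlan_id: VlanPolicy}

    def check(self, vlan, mac):
        """Return 'forward', 'learned' or 'violation' for a frame's source MAC."""
        mac = mac.lower()
        policy = self.policies.get(vlan)
        if policy is None:
            return "forward"                      # assumption: VLAN has no limit configured
        if mac in policy.secure:
            return "forward"
        if len(policy.secure) < policy.maximum:
            policy.secure.add(mac)                # room left: learn dynamically
            return "learned"
        return "violation"                        # table full: unknown station


def run_sample():
    port = TrunkPortSecurity({
        10: VlanPolicy(maximum=2, secure={"0000.1111.aaaa"}),
        20: VlanPolicy(maximum=1, secure={"0000.2222.bbbb"}),
    })
    frames = [
        (10, "0000.1111.AAAA"),   # configured for VLAN 10
        (10, "0000.1111.cccc"),   # fills VLAN 10's second slot
        (10, "0000.1111.dddd"),   # VLAN 10 is full
        (20, "0000.1111.aaaa"),   # secure in VLAN 10 only, VLAN 20 is full
        (20, "0000.2222.bbbb"),   # configured for VLAN 20
    ]
    return [port.check(vlan, mac) for vlan, mac in frames]


if __name__ == "__main__":
    for result in run_sample():
        print(result)
```

The fourth sample frame shows the point of per-VLAN scoping: an address that is secure in VLAN 10 is still rejected in VLAN 20.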
These sections describe how to configure trunk port security:
• Configuring Trunk Port Security, page 55-17
• Examples of Trunk Port Security, page 55-19
• Trunk Port Security Configuration Guidelines and Restrictions, page 55-21
Configuring Trunk Port Security
Trunk port security is used when a Catalyst 4500 series switch has a dot1q or ISL trunk attached to a
neighboring Layer 2 switch. This may be used, for example, in metro aggregation networks
(