Chapter 47
Configuring Port Security
Example 1: Setting Maximum Number of Secure Addresses
This example shows how to enable port security on the Fast Ethernet interface 3/12 and how to set the
maximum number of secure addresses to 5. The violation mode is the default, and no secure MAC
addresses are configured.
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface fastethernet 3/12
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 5
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# end
Switch# show port-security interface fastethernet 3/12
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Enabled
Maximum MAC Addresses      : 5
Total MAC Addresses        : 0
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 0000.0000.0000:0
Security Violation Count   : 0
Example 2: Setting a Violation Mode
This example shows how to set the violation mode on the Fast Ethernet interface 3/12 to restrict.
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface fastethernet 3/12
Switch(config-if)# switchport port-security violation restrict
Switch(config-if)# end
Switch#
SNMP traps can be enabled with a rate-limit to detect port-security violations due to restrict mode. The
following example shows how to enable traps for port-security with a rate of 5 traps per second:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# snmp-server enable traps port-security trap-rate 5
Switch(config)# end
Switch#
Example 3: Setting the Aging Timer
This example shows how to set the aging time to 2 hours (120 minutes) for the secure addresses on the
Fast Ethernet interface 5/1:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface fastethernet 5/1
Switch(config-if)# switchport port-security aging time 120
Switch(config-if)# end
Switch#
OL-25340-01
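The show port-security interface output from Example 1 can also be checked by a script, which is useful for ports in restrict mode, where the port stays up and the violation counter is the on-switch record of dropped sources. The following is an added example, not part of the Cisco guide: the function names, the checks chosen, and the sample values are assumptions made for illustration.

```python
import re

# Constructed sample in the layout of the Example 1 output; the values
# (restrict mode, counts, MAC address, VLAN) are invented for illustration.
SAMPLE = """\
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Restrict
Aging Time                 : 120 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Enabled
Maximum MAC Addresses      : 5
Total MAC Addresses        : 5
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 5
Last Source Address:Vlan   : 0011.2233.4455:10
Security Violation Count   : 3
"""

def parse_port_security(text):
    """Return {label: value} for each 'label : value' line of the output."""
    fields = {}
    for line in text.splitlines():
        # Split on the padded ' : ' separator; label and value can hold colons.
        m = re.match(r"\s*(.+?)\s+:\s+(.*\S)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def audit(fields):
    """Return findings for one port (the checks are this example's choices)."""
    if fields.get("Port Security") != "Enabled":
        return ["port security is not enabled"]
    status, mode = fields.get("Port Status"), fields.get("Violation Mode")
    source = fields.get("Last Source Address:Vlan")
    count = int(fields.get("Security Violation Count", 0))
    total = int(fields.get("Total MAC Addresses", 0))
    limit = int(fields.get("Maximum MAC Addresses", 0))
    findings = []
    if status != "Secure-up":
        findings.append(f"port status is {status}")
    if count:
        findings.append(f"{count} violation(s) in {mode} mode, last source {source}")
    if limit and total >= limit:
        findings.append(f"secure address table is full ({total}/{limit})")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_port_security(SAMPLE)):
        print(finding)
```

Run against the unmodified Example 1 output, audit returns an empty list, because the port is Secure-up with no violations and no learned addresses.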
Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG
Configuring Port Security on Access Ports
47-11