Chapter 21
Configuring Port-Based Traffic Control
Enabling and Configuring Port Security
Beginning in privileged EXEC mode, follow these steps to restrict input to an interface by limiting and
identifying MAC addresses of the stations allowed to access the port:
Command
Step 1
configure terminal
Step 2
interface interface-id
Step 3
switchport mode {access | trunk}
Step 4
switchport port-security
Step 5
switchport port-security maximum
value [vlan [vlan-list]]
78-11194-09
Purpose
Enter global configuration mode.
Specify the type and number of the physical interface to configure, for
example gigabitethernet0/1, and enter interface configuration mode.
Set the interface mode as access or trunk; an interface in the default
mode (dynamic desirable) cannot be configured as a secure port.
Enable port security on the interface.
(Optional) Set the maximum number of secure MAC addresses for the
interface. The maximum number of available addresses is determined by
the active Switch Database Management (SDM) template. The default
is 1.
(Optional) For trunk ports, you can set the maximum number of secure
MAC addresses on a VLAN:
•
vlan—set a per-VLAN maximum value.
vlan vlan list—set a per-VLAN maximum value on a range of
•
VLANs separated by a hyphen or a series of VLANs separated by a
comma. For nonspecified VLANs, the per-VLAN maximum value
is used. If no per-VLAN maximum value is entered, the default
value is used.
Catalyst 3550 Multilayer Switch Software Configuration Guide
Configuring Port Security
21-11