Chapter 21
Configuring Port-Based Traffic Control
This example shows how to enable sticky port security on a port, to manually configure MAC addresses
for the data VLAN, and to set the total maximum number of secure addresses to 10.
Switch(config)# interface FastEthernet0/1
Switch(config-if)# no shutdown
Switch(config-if)# switchport access vlan 21
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 10
Switch(config-if)# switchport port-security violation restrict
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# switchport port-security mac-address sticky 0000.0000.0002
Switch(config-if)# switchport port-security mac-address 0000.0000.0003
Switch(config-if)# switchport port-security maximum 10 vlan access
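An added example, not part of the Cisco guide: a Python check that reads port-security commands like those above and reports, per interface, how many secure-address slots remain and any inconsistencies. The function name, the finding texts and the second port in the sample are assumptions made for illustration; unset values are assumed to default to a maximum of 1 and violation mode shutdown.

```python
import re

PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")  # drops a "Switch(config-if)# " prefix
MAC = r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})"
PS = "switchport port-security"
# Constructed input: commands from the example above plus a made-up second port.
SAMPLE = """
Switch(config)# interface FastEthernet0/1
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 10
Switch(config-if)# switchport port-security violation restrict
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# switchport port-security mac-address sticky 0000.0000.0002
Switch(config-if)# switchport port-security mac-address 0000.0000.0003
interface FastEthernet0/2
 switchport port-security mac-address 0000.0000.0004
 switchport port-security mac-address 0000.0000.0005
"""

def audit_port_security(text):
    """Return {interface: summary} for pasted CLI input or running-config text."""
    ports, cur = {}, None
    for raw in text.splitlines():
        cmd = PROMPT.sub("", raw.strip())
        line = cmd.lower()
        if line.startswith("interface "):
            # Assumed defaults when not configured: maximum 1, violation shutdown.
            cur = ports.setdefault(cmd.split()[1], {"enabled": False, "sticky": False,
                "maximum": 1, "violation": "shutdown", "macs": [], "findings": []})
        elif cur is None:
            continue
        elif line == PS:
            cur["enabled"] = True
        elif line == PS + " mac-address sticky":
            cur["sticky"] = True
        elif m := re.fullmatch(PS + r" maximum (\d+)", line):  # per-VLAN form is skipped
            cur["maximum"] = int(m.group(1))
        elif m := re.fullmatch(PS + r" violation (\w+)", line):
            cur["violation"] = m.group(1)
        elif m := re.fullmatch(PS + r" mac-address (sticky )?" + MAC + r"( vlan .+)?", line):
            cur["macs"].append((m.group(2), "sticky" if m.group(1) else "static"))
    for p in ports.values():
        p["free"] = p["maximum"] - len(p["macs"])  # slots left for learned addresses
        if p["macs"] and not p["enabled"]:
            p["findings"].append("addresses configured but port security not enabled")
        if p["free"] < 0:
            p["findings"].append("more addresses configured than the maximum allows")
        if not p["sticky"] and any(kind == "sticky" for _, kind in p["macs"]):
            p["findings"].append("sticky address present but sticky learning is off")
    return ports
```

Calling audit_port_security(SAMPLE) reports 8 free slots and no findings for FastEthernet0/1, and two findings for the constructed FastEthernet0/2.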
Enabling and Configuring Port Security Aging
You can use port security aging to set the aging time for all secure addresses on a port. Two types of
aging are supported per port:
• Absolute—The secure addresses on the port are deleted after the specified aging time.
• Inactivity—The secure addresses on the port are deleted only if the secure addresses are inactive for
the specified aging time.
Use this feature to remove and add devices on a secure port without manually deleting the existing secure
MAC addresses and to still limit the number of secure addresses on a port. You can enable or disable the
aging of secure addresses on a per-port basis.
Beginning in privileged EXEC mode, follow these steps to configure port security aging:
         Command                  Purpose
Step 1   configure terminal       Enter global configuration mode.
Step 2   interface interface-id   Specify the interface to be configured, and enter interface
                                  configuration mode.
Step 3   no shutdown              Enable the port, if necessary. By default, UNIs are disabled,
                                  and NNIs are enabled.
78-17058-01
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
Configuring Port Security
21-15