Chapter 47
Configuring Port Security
Port Security with Sticky MAC Addresses
Release 12.2(18)SXE and later releases support port security with sticky MAC addresses. Port security
with sticky MAC addresses provides many of the same benefits as port security with static MAC
addresses, but sticky MAC addresses can be learned dynamically. Port security with sticky MAC
addresses retains dynamically learned MAC addresses during a link-down condition.
If you enter a write memory or copy running-config startup-config command, then port security with
sticky MAC addresses saves dynamically learned MAC addresses in the startup-config file and the port
does not have to learn addresses from ingress traffic after bootup or a restart.
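The following configuration puts the sticky MAC address behavior described above into practice, together with the save step and the error-disable recovery that the guidelines below call for. It is an added example, not taken from this guide; the interface name, access VLAN, address maximum and recovery interval are assumed values.

```ios
! Added example (not from the configuration guide). Interface, VLAN, maximum
! and recovery interval are assumed values; the commands themselves are
! standard IOS port-security and errdisable commands.
configure terminal
 ! Global: automatically recover ports that were error-disabled by a
 ! port-security violation, instead of a manual shutdown / no shutdown.
 errdisable recovery cause psecure-violation
 errdisable recovery interval 300
 !
 interface GigabitEthernet3/1
  switchport
  switchport mode access
  switchport access vlan 10
  ! Enable port security. Table 47-1 defaults would apply (maximum 1,
  ! violation shutdown); the maximum is raised to 2 here so an IP phone
  ! and the PC behind it both fit.
  switchport port-security
  switchport port-security maximum 2
  switchport port-security violation shutdown
  ! Learn addresses dynamically but keep them as sticky addresses, so they
  ! survive a link-down condition and, once saved, a reload.
  switchport port-security mac-address sticky
 end
!
! Check the learned addresses, the violation count and the port state.
show port-security interface GigabitEthernet3/1
show port-security address
!
! Persist the learned sticky addresses. Until this step is taken they exist
! only in the running configuration and are lost on a reload.
copy running-config startup-config
```

After the save, each learned address appears in the configuration as a `switchport port-security mac-address sticky <mac>` line under the interface, which is what allows the port to come up after a reload without relearning from ingress traffic. If an unexpected address is among them, `clear port-security dynamic` flushes the dynamically learned entries before the next save.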
Default Port Security Configuration
Table 47-1 shows the default port security configuration for an interface.

Table 47-1 Default Port Security Configuration

Feature                                  Default Setting
Port security                            Disabled.
Maximum number of secure MAC addresses   1.
Violation mode                           Shutdown. The port shuts down when the maximum
                                         number of secure MAC addresses is exceeded, and an
                                         SNMP trap notification is sent.

Port Security Guidelines and Restrictions
When configuring port security, follow these guidelines:
• With the default port security configuration, to bring all secure ports out of the error-disabled state,
  enter the errdisable recovery cause psecure-violation global configuration command, or manually
  reenable each port by entering the shutdown and no shutdown interface configuration commands.
• Enter the clear port-security dynamic global configuration command to clear all dynamically
  learned secure addresses. See the Cisco IOS Master Command List, Release 12.2SX, for complete
  syntax information.
• Port security learns unauthorized MAC addresses with a bit set that causes traffic to them or from
  them to be dropped. The show mac-address-table command displays the unauthorized MAC
  addresses, but does not display the state of the bit. (CSCeb76844)
• To preserve dynamically learned sticky MAC addresses and configure them on a port following a
  bootup or a reload, you must enter a write memory or copy running-config startup-config command
  after the sticky MAC addresses have been learned, to save them in the startup-config file.
• With Release 12.2(18)SXE and later releases, port security supports private VLAN (PVLAN) ports.
  With releases earlier than Release 12.2(18)SXE, port security does not support PVLAN ports.
• With Release 12.2(18)SXE and later releases, port security supports nonnegotiating trunks.
• Port security only supports trunks configured with these commands:
  –

Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX    OL-4266-08    47-3