
Configuring Port Security On An Interface - Cisco 7609 Configuration Manual

Cisco IOS Software Configuration Guide—12.1E


Chapter 26
Configuring Port Security

Configuring Port Security on an Interface

To restrict traffic through a port by limiting and identifying MAC addresses of the stations allowed to
access the port, perform this task:
Step 1
  Command: Router(config)# interface interface_id
  Purpose: Enters interface configuration mode and enters the physical interface to configure, for example, gigabitethernet 3/1.

Step 2
  Command: Router(config-if)# switchport mode access
  Purpose: Sets the interface mode as access; an interface in the default mode (dynamic desirable) cannot be configured as a secure port.

Step 3
  Command: Router(config-if)# switchport port-security
  Purpose: Enables port security on the interface.

Step 4
  Command: Router(config-if)# switchport port-security maximum value
  Purpose: (Optional) Sets the maximum number of secure MAC addresses for the interface. The range is 1 to 128; the default is 128.

Step 5
  Command: Router(config-if)# switchport port-security violation {protect | restrict | shutdown}
  Purpose: (Optional) Sets the violation mode and the action to be taken when a security violation is detected.

Step 6
  Command: Router(config-if)# switchport port-security mac-address mac_address
  Purpose: (Optional) Enters a secure MAC address for the interface. You can use this command to enter the maximum number of secure MAC addresses. If you configure fewer secure MAC addresses than the maximum, the remaining MAC addresses are dynamically learned.

Step 7
  Command: Router(config-if)# end
  Purpose: Returns to privileged EXEC mode.

Step 8
  Command: Router# show port-security interface interface_id
           Router# show port-security address
  Purpose: Verifies your entries.

When configuring port security, note the following syntax information about port security violation modes:

- protect—Drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value.
- restrict—Drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value and causes the SecurityViolation counter to increment.
- shutdown—Puts the interface into the error-disabled state immediately and sends an SNMP trap notification.

Note: When port security is enabled, if an address learned or configured on one secure interface is seen on another secure interface in the same VLAN, port security puts the interface into the error-disabled state immediately.

To bring a secure port out of the error-disabled state, enter the errdisable recovery cause psecure_violation global configuration command, or manually reenable it by entering the shutdown and no shutdown interface configuration commands.
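
The constraints in the procedure above (access mode required, maximum in the range 1 to 128 with a default of 128, static addresses counted against the maximum) can be checked against a candidate configuration before it is applied. This is an added example, not code from the Cisco manual; the function name `audit_port_security` and the sample configuration text are assumptions constructed for illustration.

```python
import re

# Constructed sample candidate configuration (not from the manual).
SAMPLE_CONFIG = """\
interface GigabitEthernet3/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address 0000.1111.2222
!
interface GigabitEthernet3/2
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address 0000.aaaa.0001
 switchport port-security mac-address 0000.aaaa.0002
interface GigabitEthernet3/3
 switchport mode access
"""

def audit_port_security(config):
    """Return {interface: [findings]} for every interface with port security enabled."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = m.group(1)
        elif current and line.startswith(" "):
            blocks.setdefault(current, []).append(line.strip())
        else:
            current = None  # "!" or another top-level command ends the block
    report = {}
    for name, cmds in blocks.items():
        if "switchport port-security" not in cmds:
            continue  # Step 3 not applied, so this is not a secure port
        findings = []
        if "switchport mode access" not in cmds:
            findings.append("not in access mode")  # Step 2 requirement
        maximum = 128  # default stated in Step 4
        for c in cmds:
            m = re.fullmatch(r"switchport port-security maximum (\d+)", c)
            if m:
                maximum = int(m.group(1))
        if not 1 <= maximum <= 128:
            findings.append("maximum out of range 1-128")
        static = [c for c in cmds if c.startswith("switchport port-security mac-address ")]
        if len(static) > maximum:
            findings.append("more static MACs than maximum")
        report[name] = findings
    return report
```

An empty findings list means the interface block is consistent with Steps 2 through 6; interfaces without `switchport port-security` are not reported.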