Note: If the port shuts down, all dynamically learned addresses are removed.
After the maximum number of secure MAC addresses is configured, they are stored in an address table.
To ensure that an attached device has the full bandwidth of the port, set the maximum number of
addresses to one and configure the MAC address of the attached device.
A security violation occurs if the maximum number of secure MAC addresses has been added to the
address table and a workstation whose MAC address is not in the address table attempts to access the
interface.
You can configure the interface for one of three violation modes: protect, restrict, or shutdown (see the
"Configuring Port Security" section on page 26-2).

Default Port Security Configuration
Table 26-1 shows the default port security configuration for an interface.

Table 26-1 Default Port Security Configuration
Feature                                  Default Setting
Port security                            Disabled on a port
Maximum number of secure MAC addresses   1
Violation mode                           Shutdown. The port shuts down when the maximum
                                         number of secure MAC addresses is exceeded, and an
                                         SNMP trap notification is sent.

Port Security Guidelines and Restrictions
Follow these guidelines when configuring port security:
• A secure port cannot be a trunk port.
• A secure port cannot be a destination port for Switch Port Analyzer (SPAN).
• A secure port cannot belong to an EtherChannel port-channel interface.
• A secure port cannot be an 802.1X port. If you try to enable 802.1X on a secure port, an error
  message appears, and 802.1X is not enabled. If you try to change an 802.1X-enabled port to a secure
  port, an error message appears, and the security settings are not changed.

Configuring Port Security
These sections describe how to configure port security:
• Configuring Port Security on an Interface, page 26-3
• Configuring Port Security Aging, page 26-4

Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E, Chapter 26: Configuring Port Security
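An added example, not from the Cisco guide: a small Python audit that reads a saved configuration, applies the Table 26-1 defaults to every port with port security enabled, and flags the trunk, EtherChannel, 802.1X, and SPAN destination conflicts listed in the guidelines. The sample configuration is constructed, and the IOS command spellings the script matches are assumptions to confirm against your software release.

```python
import re
# Constructed sample; the IOS command spellings matched here are assumptions.
SAMPLE = """\
interface GigabitEthernet1/1
 switchport port-security
interface GigabitEthernet1/2
 switchport mode trunk
 switchport port-security
 switchport port-security maximum 5
 switchport port-security violation restrict
interface GigabitEthernet1/3
 switchport port-security
 channel-group 1 mode on
 dot1x port-control auto
monitor session 1 destination interface GigabitEthernet1/2
"""

DEFAULTS = {"maximum": 1, "violation": "shutdown"}  # defaults from Table 26-1
CONFLICTS = {"trunk": r"switchport mode trunk$",     # guideline: not a trunk port
             "etherchannel": r"channel-group \d+",   # not an EtherChannel member
             "802.1X": r"dot1x port-control auto$"}  # not an 802.1X port

def audit(config):
    """Map each secure port to its effective settings and guideline conflicts."""
    stanzas, span_dst, current = {}, set(), None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = stanzas.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:  # a global command or "!" ends the interface stanza
            current = None
            if m := re.match(r"monitor session \d+ destination interface (\S+)", line):
                span_dst.add(m.group(1))
    report = {}
    for name, cmds in stanzas.items():
        if "switchport port-security" not in cmds:
            continue  # port security is disabled by default, nothing to check
        entry = dict(DEFAULTS)
        for key, val in re.findall(r"port-security (maximum|violation) (\S+)", "\n".join(cmds)):
            entry[key] = int(val) if key == "maximum" else val
        entry["conflicts"] = [tag for tag, rx in CONFLICTS.items()
                              if any(re.match(rx, c) for c in cmds)]
        entry["conflicts"] += ["span-destination"] if name in span_dst else []
        report[name] = entry
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A port with an empty conflicts list and the default values is running with a maximum of one secure MAC address in shutdown mode, which is the behavior Table 26-1 describes.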