Enabling Port Security
Catalyst 2900 Series XL and Catalyst 3500 Series XL Software Configuration Guide
7-14
Secured ports restrict a port to a user-defined group of stations. When you assign
secure addresses to a secure port, the switch does not forward any packets with
source addresses outside the group of addresses you have defined. If you define
the address table of a secure port to contain only one address, the workstation or
server attached to that port is guaranteed the full bandwidth of the port. As part of
securing the port, you can also define the size of the address table for the port.
Secured ports generate address-security violations under the following
conditions:
• The address table of a secured port is full and the address of an incoming
  packet is not found in the table.
• An incoming packet has a source address assigned as a secure address on
  another port.
Limiting the number of devices that can connect to a secure port has the following
advantages:
• Dedicated bandwidth—If the size of the address table is set to 1, the attached
  device is guaranteed the full bandwidth of the port.
• Added security—Unknown devices cannot connect to the port.
The following options validate port security or indicate security violations:

Interface         Port to secure.
Security          Enable port security on the port.
Trap              Issue a trap when an address-security violation occurs.
Shutdown Port     Disable the port when an address-security violation occurs.
Secure Addresses  Number of addresses in the address table for this port. Secure
                  ports have at least one address.
Max Addresses     Number of addresses that the address table for the port can
                  contain.
Security Rejects  The number of unauthorized addresses seen on the port.
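The two violation conditions and the Trap and Shutdown Port actions, as an added example that is not from the Catalyst guide: a small Python model of a secured port's address table, run over constructed frames. The port names, MAC addresses, and the rule that an unknown address is learned while the table still has room are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class SecurePort:                         # one secured port and its options
    name: str
    max_addresses: int                    # Max Addresses
    trap: bool = False                    # Trap
    shutdown_port: bool = False           # Shutdown Port
    secure_addresses: set = field(default_factory=set)  # Secure Addresses
    security_rejects: int = 0             # Security Rejects
    enabled: bool = True
    traps: list = field(default_factory=list)
class Switch:
    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}

    def _violation(self, port, reason):
        port.security_rejects += 1
        if port.trap:
            port.traps.append(f"{port.name}: {reason}")
        if port.shutdown_port:
            port.enabled = False
        return "reject"

    def receive(self, port_name, src_mac):
        """Apply the two violation conditions to one incoming frame."""
        port = self.ports[port_name]
        if not port.enabled:
            return "drop"                 # shut down by an earlier violation
        if src_mac in port.secure_addresses:
            return "forward"
        for other in self.ports.values():  # condition 2: secure on another port
            if other is not port and src_mac in other.secure_addresses:
                return self._violation(port, f"{src_mac} secured on {other.name}")
        if len(port.secure_addresses) >= port.max_addresses:  # condition 1: table full
            return self._violation(port, f"table full, {src_mac} unknown")
        port.secure_addresses.add(src_mac)  # assumption: learned while there is room
        return "forward"

def demo():
    """Constructed traffic on hypothetical ports: Fa0/1 holds one address and shuts down, Fa0/2 traps."""
    sw = Switch([SecurePort("Fa0/1", 1, shutdown_port=True,
                            secure_addresses={"00:00:0c:00:00:01"}),
                 SecurePort("Fa0/2", 2, trap=True)])
    frames = [("Fa0/1", "00:00:0c:00:00:01"),  # the assigned station
              ("Fa0/1", "00:00:0c:00:00:99"),  # unknown, table full -> shutdown
              ("Fa0/1", "00:00:0c:00:00:01"),  # port is now disabled
              ("Fa0/2", "00:00:0c:00:00:02"),  # room in the table, learned
              ("Fa0/2", "00:00:0c:00:00:01")]  # secure on Fa0/1 -> trap
    return sw, [sw.receive(p, m) for p, m in frames]
```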
For the restrictions that apply to secure ports, see the "Avoiding Configuration
Conflicts" section on page 9-2.
Chapter 7 Configuring the Switch Ports
78-6511-05