Chapter 2
Cisco IOS Commands for the Catalyst 4500 Series Switches
shutdown
shutdown vlan
Defaults
The default settings are as follows:
•
•
•
•
•
Command Modes
Interface configuration mode
Command History
Release
12.1(13)EW
12.1(19)EW
12.2(18)EW
12.2(31)SG
12.2(52)SG
Usage Guidelines
After you set the maximum number of secure MAC addresses that are allowed on a port, you can add
secure addresses to the address table by manually configuring them, by allowing the port to dynamically
configure them, or by configuring some MAC addresses and allowing the rest to be dynamically
configured.
The packets are dropped into the hardware when the maximum number of secure MAC addresses are in
the address table and a station that does not have a MAC address in the address table attempts to access
the interface.
If you enable port security on a voice VLAN port and if there is a PC connected to the IP phone, you set
the maximum allowed secure addresses on the port to more than 1.
You cannot configure static secure MAC addresses in the voice VLAN.
A secure port has the following limitations:
•
•
•
OL-27596 -01
Port security is disabled.
When port security is enabled and no keywords are entered, the default maximum number of secure
MAC addresses is 1.
Aging is disabled.
Aging time is 0 minutes.
All secure addresses on this port age out immediately after they are removed from the secure address
list.
Modification
Support for this command was introduced on the Catalyst 4500 series switch.
Extended to include DHCP snooping security enhancement.
Added support for sticky interfaces.
Added support for sticky port security.
Added support for per-VLAN error-disable detection.
A secure port cannot be a dynamic access port or a trunk port.
A secure port cannot be a routed port.
A secure port cannot be a protected port.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.4.0SG and IOS 15.1(2)SG)
(Optional) Sets the security violation shutdown mode. In this mode, a
port security violation causes the interface to immediately become error
disabled.
(Optional) Set the security violation mode to per-VLAN shutdown. In
this mode, only the VLAN on which the violation occurred is
error-disabled.
switchport port-security
2-1055