Catalyst 3550 Multilayer Switch Software Configuration Guide
78-11194-03
Chapter 12 Configuring Port-Based Traffic Control
Configuring Port Security
Default Port Security Configuration
Table 12-1 shows the default port security configuration for an interface.
Configuration Guidelines
Follow these guidelines when configuring port security:
A protected port cannot be a routed port.
A secure port cannot be a dynamic access port or a trunk port.
A protected port cannot be a secure port.
A secure port cannot be a destination port for Switch Port Analyzer (SPAN).
A secure port cannot belong to a Fast EtherChannel or Gigabit EtherChannel port group.
A secure port cannot be an 802.1X port. If you try to enable 802.1X on a secure port, an error
message appears, and 802.1X is not enabled. If you try to change an 802.1X-enabled port to a secure
port, an error message appears, and the security settings are not changed.
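The secure-port guidelines above can be checked against a candidate configuration before it is pushed to a switch. The following is an added example, not part of the Cisco guide: the function name, the command spellings in the patterns (common Catalyst IOS forms, assumed to match your release) and the sample configuration are all constructed for illustration.

```python
import re

# Interface commands the guidelines rule out on a secure port.
# Assumption: spellings follow common Catalyst IOS syntax; adjust per release.
SECURE_CONFLICTS = {
    "trunk port": r"switchport mode trunk$",
    "dynamic access port": r"switchport access vlan dynamic$",
    "protected port": r"switchport protected$",
    "EtherChannel member": r"channel-group \d+",
    "802.1X port": r"dot1x port-control (auto|force-unauthorized)$",
}

def audit(config):
    """Return sorted (interface, violation) pairs for a candidate config."""
    stanzas, span_dests, current = {}, set(), None
    for raw in config.splitlines():
        if m := re.match(r"interface (\S+)$", raw):
            current = stanzas.setdefault(m.group(1), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:  # global command: ends the stanza, may name a SPAN destination
            current = None
            if m := re.match(r"monitor session \d+ destination interface (\S+)", raw):
                span_dests.add(m.group(1))
    findings = []
    for name, cmds in stanzas.items():
        has = lambda pat: any(re.match(pat, c) for c in cmds)
        if not has(r"switchport port-security$"):
            continue  # guidelines below apply only to secure ports
        findings += [(name, f"secure port is also {label}")
                     for label, pat in SECURE_CONFLICTS.items() if has(pat)]
        if name in span_dests:
            findings.append((name, "secure port is also SPAN destination"))
    return sorted(findings)

# Constructed sample input, not taken from the guide.
SAMPLE = """\
monitor session 1 destination interface FastEthernet0/3
interface FastEthernet0/1
 switchport mode access
 switchport port-security
interface FastEthernet0/2
 switchport mode trunk
 switchport port-security
 channel-group 1 mode on
interface FastEthernet0/3
 switchport port-security
 dot1x port-control auto
"""
```

Calling `audit(SAMPLE)` reports FastEthernet0/2 and FastEthernet0/3 and leaves FastEthernet0/1 clean; the rule that a protected port cannot be a routed port is outside what this check covers.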
Enabling and Configuring Port Security
Beginning in privileged EXEC mode, follow these steps to restrict input to an interface by limiting and
identifying MAC addresses of the stations allowed to access the port:
Table 12-1 Default IGMP Snooping Configuration

Feature                                  Default Setting
Port security                            Disabled on a port
Maximum number of secure MAC addresses   128
Violation mode                           Shutdown. The port shuts down when the maximum number of secure MAC addresses is exceeded, and an SNMP trap notification is sent.

Step     Command                                                Purpose
Step 1   configure terminal                                     Enter global configuration mode.
Step 2   interface interface-id                                 Enter interface configuration mode, and enter the physical interface to configure, for example gigabitethernet0/1.
Step 3   switchport mode access                                 Set the interface mode as access; an interface in the default mode (dynamic desirable) cannot be configured as a secure port.
Step 4   switchport port-security                               Enable port security on the interface.
Step 5   switchport port-security maximum number of addresses   (Optional) Set the maximum number of secure MAC addresses for the interface. The range is 1 to 128; the default is 128.