Chapter 26 Configuring Port-Based Traffic Control

Configuring Port Security

Switch(config-if)#switchport port-security mac-address 0000.0000.0003
Switch(config-if)#switchport port-security mac-address sticky 0000.0000.0001 vlan voice
Switch(config-if)#switchport port-security mac-address 0000.0000.0004 vlan voice
Switch(config-if)#switchport port-security maximum 10 vlan access
Switch(config-if)#switchport port-security maximum 10 vlan voice

Enabling and Configuring Port Security Aging

You can use port security aging to set the aging time for all secure addresses on a port. Two types of aging are supported per port:

Absolute—The secure addresses on the port are deleted after the specified aging time.

Inactivity—The secure addresses on the port are deleted only if the secure addresses are inactive for the specified aging time.

Use this feature to remove and add devices on a secure port without manually deleting the existing secure MAC addresses and to still limit the number of secure addresses on a port. You can enable or disable the aging of secure addresses on a per-port basis.

Beginning in privileged EXEC mode, follow these steps to configure port security aging:

 

Step    Command / Purpose

Step 1  configure terminal
        Enter global configuration mode.

Step 2  interface interface-id
        Specify the interface to be configured, and enter interface configuration mode.

Step 3  switchport port-security aging {static | time time | type {absolute | inactivity}}
        Enable or disable static aging for the secure port, or set the aging time or type.

        Note: The switch does not support port security aging of sticky secure addresses.

        Enter static to enable aging for statically configured secure addresses on this port.

        For time, specify the aging time for this port. The valid range is from 0 to 1440 minutes.

        For type, select one of these keywords:

        absolute—Sets the aging type as absolute aging. All the secure addresses on this port age out exactly after the time (minutes) specified lapses and are removed from the secure address list.

        inactivity—Sets the aging type as inactivity aging. The secure addresses on this port age out only if there is no data traffic from the secure source addresses for the specified time period.

Step 4  end
        Return to privileged EXEC mode.

Step 5  show port-security [interface interface-id] [address]
        Verify your entries.

Step 6  copy running-config startup-config
        (Optional) Save your entries in the configuration file.
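The following check is an added example, not part of the Cisco guide: it applies the Step 3 rules (the 0 to 1440 minute range, no aging of sticky addresses, and the static keyword for statically configured addresses) to configuration text before it is deployed. The configuration excerpt and interface names are constructed sample values, and the function name audit_aging is hypothetical.

```python
import re

# Constructed configuration excerpt for illustration; not taken from the guide.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport port-security
 switchport port-security aging time 120
 switchport port-security aging type inactivity
interface GigabitEthernet1/0/2
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security aging time 60
interface GigabitEthernet1/0/3
 switchport port-security
 switchport port-security mac-address 0000.0000.0003
 switchport port-security aging time 2000
"""

PREFIX = "switchport port-security "
STATIC_MAC = re.compile(r"mac-address [0-9a-fA-F]{4}(\.[0-9a-fA-F]{4}){2}( vlan \S+)?")

def audit_aging(config):  # hypothetical helper name
    """Return {interface: [findings]} for port-security aging settings."""
    ports, iface = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            iface = line.split(None, 1)[1]
            ports[iface] = []
        elif iface and line.startswith(PREFIX):
            ports[iface].append(line[len(PREFIX):])
    findings = {}
    for iface, cmds in ports.items():
        times = [int(m.group(1)) for c in cmds if (m := re.fullmatch(r"aging time (\d+)", c))]
        issues = []
        if any(t > 1440 for t in times):  # valid range is 0 to 1440 minutes
            issues.append("aging time outside 0-1440 minutes")
        if times and any(c.startswith("mac-address sticky") for c in cmds):
            issues.append("sticky secure addresses are not aged")
        if times and "aging static" not in cmds and any(STATIC_MAC.fullmatch(c) for c in cmds):
            issues.append("static secure addresses age only with 'aging static'")
        if issues:
            findings[iface] = issues
    return findings

if __name__ == "__main__":
    for port, issues in audit_aging(SAMPLE_CONFIG).items():
        print(port, "->", "; ".join(issues))
```

Ports that rely on aging to clear stale entries but hold sticky or static addresses will keep those addresses until they are removed manually, which is the case the last two findings surface.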

 

 

 

 

 

Catalyst 3750-E and 3560-E Switch Software Configuration Guide

26-16

OL-9775-02
