Chapter 26 Configuring Port-Based Traffic Control

Displaying Port-Based Traffic Control Settings

Switch(config-if)#switchport mode private-vlan promiscuous

Switch(config-if)#switchport port-security maximum 288

Switch(config-if)#switchport port-security

Switch(config-if)#switchport port-security violation restrict

Note Ports that have both port security and private VLANs configured can be labeled secure PVLAN ports. When a secure address is learned on a secure PVLAN port, the same secure address cannot be learned on another secure PVLAN port belonging to the same primary VLAN. However, an address learned on unsecure PVLAN port can be learned on a secure PVLAN port belonging to same primary VLAN.

Secure addresses that are learned on host port get automatically replicated on associated primary VLANs, and similarly, secure addresses learned on promiscuous ports automatically get replicated on all associated secondary VLANs. Static addresses (using mac-address-table static command) cannot be user configured on a secure port.

Displaying Port-Based Traffic Control Settings

The show interfaces interface-idswitchport privileged EXEC command displays (among other characteristics) the interface traffic suppression and control configuration. The show storm-controland show port-securityprivileged EXEC commands display those storm control and port security settings.

To display traffic control information, use one or more of the privileged EXEC commands in Table 26-4.

Table 26-4 Commands for Displaying Traffic Control Status and Configuration

Command

Purpose

 

 

show interfaces [interface-id]switchport

Displays the administrative and operational status of all switching

 

(nonrouting) ports or the specified port, including port blocking and

 

port protection settings.

 

 

show storm-control [interface-id] [broadcast

Displays storm control suppression levels set on all interfaces or the

multicast unicast]

specified interface for the specified traffic type or for broadcast traffic

 

if no traffic type is entered.

 

 

show port-security [interface interface-id]

Displays port security settings for the switch or for the specified

 

interface, including the maximum allowed number of secure MAC

 

addresses for each interface, the number of secure MAC addresses on

 

the interface, the number of security violations that have occurred, and

 

the violation mode.

 

 

show port-security [interface interface-id]address

Displays all secure MAC addresses configured on all switch interfaces

 

or on a specified interface with aging information for each address.

 

 

show port-security interface interface-idvlan

Displays the number of secure MAC addresses configured per VLAN

 

on the specified interface.

 

 

 

Catalyst 3750-E and 3560-E Switch Software Configuration Guide

26-18

OL-9775-02

Page 614
Image 614
Cisco Systems 3750E manual Displaying Port-Based Traffic Control Settings, Show port-security interface interface-idaddress