43-16
Software Configuration Guide—Release 15.0(2)SG
OL-23818-01
Chapter 43 Configuring Port Security
Configuring Port Security on PVLAN Ports
Example of Port Security on an Isolated Private VLAN Host Port
The following example shows how to configure port security on an isolated private VLAN host port, Fast
Ethernet interface 3/12:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# vlan 6
Switch(config-vlan)# private-vlan isolated
Switch(config-vlan)# exit
Switch(config)# vlan 3
Switch(config-vlan)# private-vlan primary
Switch(config-vlan)# private-vlan association add 6
Switch(config-vlan)# exit
Switch(config)# interface fastethernet 3/12
Switch(config-if)# switchport mode private-vlan host
Switch(config-if)# switchport private-vlan association host 3 6
Switch(config-if)# switchport port-security
Switch(config-if)# end
Configuring Port Security on a Private VLAN Promiscuous Port
To configure port security on a private VLAN promiscuous port, perform this task:
Command Purpose
Step 1 Switch# configure terminal Enters global configuration mode.
Step 2 Switch(config)# vlan sec_vlan_id Specifies the VLAN.
Step 3 Switch(config-vlan)# private-vlan isolated Sets the private VLAN mode to isolated.
Step 4 Switch(config-vlan)# exit Returns to global configuration mode.
Step 5 Switch(config)# vlan pri_vlan_id Specifies the VLAN.
Step 6 Switch(config-vlan)# private-vlan primary Designates the VLAN as the primary private VLAN.
Step 7 Switch(config-vlan)# private-vlan association
add sec_vlan_id Creates an association between a secondary VLAN and a
primary VLAN.
Step 8 Switch(config-vlan)# exit Returns to global configuration mode.
Step 9 Switch(config)# interface interface_id Enters interface configuration mode and specifies the
physical interface to configure.
Step 10 Switch(config-if)# switchport mode private-vlan
promiscuous Specifies that the ports with a valid PVLAN mapping
become active promiscuous ports.
Step 11 Switch(config-if)# switchport private-vlan
mapping primary_vlan secondary_vlan Configures a private VLAN for the promiscuous ports.
Step 12 Switch(config-if)# switchport port-security Enables port security on the interface.
Step 13 Switch(config-if)# end Returns to privileged EXEC mode.
Step 14 Switch# show port-security address
interface interface_id
Switch# show port-security address
Verifies your entries.