Catalyst 6500 Series Switch Command Reference—Release 8.1
78-15474-01
Chapter 2 Catalyst 6500 Series Switch and ROM Monitor Commands
set port security
Usage Guidelines
This command is not supported by the NAM.
If you enter the set port security enable command but do not specify a MAC address, the first MAC
address seen on the port becomes the secure MAC address.
You can specify the number of MAC addresses to secure on a port. You can add MAC addresses to this
list of secure addresses. The maximum number is 1024.
The set port security violation command allows you to specify whether you want the port to shut down
or to restrict access to insecure MAC addresses only. The shutdown time allows you to specify the
duration of shutdown in the event of a security violation.
We recommend that you configure the age timer and the shutdown timer if you want to move a host from
one port to another when port security is enabled on those ports. If the age_time value is less than or
equal to the shutdown_time value, the moved host will function again in an amount of time equal to the
shutdown_time value. The age timer begins upon learning the first MAC address, and the disable timer
begins when there is a security violation.
If you disable unicast flooding on a port, the port will drop unicast flood packets when it reaches the
maximum number of MAC addresses allowed.
You can secure only unicast MAC addresses through the CLI. Unicast MAC addresses can also be
learned dynamically. Multicast MAC addresses cannot be secured.
Examples
This example shows how to set port security with a learned MAC address:
Console> (enable) set port security 3/1 enable
Port 3/1 port security enabled with the learned mac address.
Console> (enable)
This example shows how to set port security with a specific MAC address:
Console> (enable) set port security 3/1 enable 00-02-03-04-05-06
Port 3/1 port security enabled with 00-02-03-04-05-06 as the secure mac address.
Console> (enable)
This example sets the shutdown time to 600 minutes on port 7/7:
Console> (enable) set port security 7/7 shutdown 600
Secure address shutdown time set to 600 minutes for port 7/7.
Console> (enable)
This example sets the port to drop all packets that are coming in on the port from insecure hosts:
Console> (enable) set port security 7/7 violation restrict
Port security violation on port 7/7 will cause insecure packets to be dropped.
Console> (enable)
This example shows how to enable unicast flooding on port 4/1:
Console> (enable) set port security 4/1 unicast-flood enable
Port 4/1 security flood mode set to enable.
Console> (enable)
This example shows how to disable unicast flooding on port 4/1:
Console> (enable) set port security 4/1 unicast-flood disable
WARNING: Trunking & Channelling will be disabled on the port.
Port 4/1 security flood mode set to disable.
Console> (enable)
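As an added illustration (not part of the Cisco reference), the following Python script audits set port security command lines against the usage guidelines above: a port enabled without a MAC address, missing age or shutdown timers, an age_time that is not greater than the shutdown_time, and unicast flooding disabled. The sample commands are constructed, the age keyword is assumed from CatOS syntax because it does not appear in the examples on this page, and only single mod/port arguments are handled.

```python
import re

# Constructed sample of CatOS commands (not from a real switch). The "age"
# keyword is assumed from CatOS syntax; the other keywords appear on this page.
SAMPLE = """\
set port security 3/1 enable
set port security 7/7 enable 00-02-03-04-05-06
set port security 7/7 age 300
set port security 7/7 shutdown 600
set port security 4/1 enable 00-0a-0b-0c-0d-0e
set port security 4/1 unicast-flood disable
"""
CMD = re.compile(r"set port security (\d+/\d+) (.+)$")  # also matches after a prompt
MAC = re.compile(r"^(?:[0-9a-f]{2}-){5}[0-9a-f]{2}$", re.I)

def parse(config):
    """Fold the command lines into one settings dict per mod/port."""
    ports = {}
    for line in config.splitlines():
        m = CMD.search(line.strip())
        if not m:
            continue
        cfg = ports.setdefault(m.group(1), {})
        args = m.group(2).split()
        if args[0] in ("enable", "disable"):
            cfg["enabled"] = args[0] == "enable"
            if len(args) > 1 and MAC.match(args[1]):
                cfg["mac"] = args[1]
        elif len(args) == 2:  # keyword/value pairs such as "shutdown 600"
            cfg[args[0]] = args[1]
    return ports

def audit(config):
    """Return {port: [findings]} for ports with port security enabled."""
    report = {}
    for port, cfg in parse(config).items():
        if not cfg.get("enabled"):
            continue
        notes = []
        if "mac" not in cfg:
            notes.append("no MAC given: first address seen becomes the secure MAC")
        if "age" not in cfg or "shutdown" not in cfg:
            notes.append("age and shutdown timers not both set")
        elif int(cfg["age"]) <= int(cfg["shutdown"]):
            notes.append("age <= shutdown: moved host recovers after %s min" % cfg["shutdown"])
        if cfg.get("unicast-flood") == "disable":
            notes.append("unicast-flood disabled: trunking and channelling are off")
        report[port] = notes
    return report
```

Calling audit(SAMPLE) returns the findings per port; a port with no findings maps to an empty list.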