Catalyst 6500 Series Switch Command Reference—Release 7.6
78-15328-01
Chapter 2 Catalyst 6500 Series Switch and ROM Monitor Commands
set port security
• Shutdown time is indefinite.
• Timer type is set to absolute aging.
• Unicast flooding is enabled.
• The automatic configuration feature is disabled.
Command Types
Switch command.
Command Modes
Privileged.
Usage Guidelines
This command is not supported by the NAM.
If you enter the set port security enable command but do not specify a MAC address, the first MAC
address seen on the port becomes the secure MAC address.
You can specify the number of MAC addresses to secure on a port. You can add MAC addresses to this
list of secure addresses. The maximum number is 1024.
The set port security violation command allows you to specify whether you want the port to shut down
or to restrict access to insecure MAC addresses only. The shutdown time allows you to specify the
duration of shutdown in the event of a security violation.
We recommend that you configure the age timer and the shutdown timer if you want to move a host from
one port to another when port security is enabled on those ports. If the age_time value is less than or
equal to the shutdown_time value, the moved host will function again in an amount of time equal to the
shutdown_time value. The age timer begins upon learning the first MAC address, and the disable timer
begins when there is a security violation.
If you disable unicast flooding on a port, the port will drop unicast flood packets when it reaches the
maximum number of MAC addresses allowed.
You can secure only unicast MAC addresses through the CLI. Unicast MAC addresses can also be
learned dynamically. Multicast MAC addresses cannot be secured.
Absolute aging times out the MAC address after the age_time has been exceeded, regardless of the
traffic pattern. This is the default for any secured port, and the age_time is set to 0. Inactivity aging times
out the MAC address only after the age_time of inactivity from the corresponding host has been
exceeded.
Enabling the automatic configuration feature automatically configures learned MAC addresses on
secure ports. If a secure port shuts down because of a violation, if the port is disabled, or if port security
is disabled, all learned MAC addresses are converted to configured MAC addresses and retained on the
port. If this feature is disabled and the secure port experiences any of the same conditions, all learned
MAC addresses are cleared.
Examples
This example shows how to set port security with a learned MAC address:
Console> (enable) set port security 3/1 enable
Port 3/1 port security enabled with the learned mac address.
Console> (enable)
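The interaction of the maximum, aging, violation, and shutdown settings described in the usage guidelines can be replayed in a simplified model. This Python code is an added example, not Cisco code or switch output; the function name simulate, the event labels, and the sample frames are hypothetical. It assumes time in arbitrary units, that an age_time of 0 means entries never age out, and that automatic configuration is disabled (the default), so a violation shutdown clears the learned addresses.

```python
# Simplified model of the port security rules in the usage guidelines.
# Added example: not Cisco code. Event names and sample data are constructed.

HOST_A = "00:00:5e:00:53:0a"   # constructed sample MAC (original host)
HOST_B = "00:00:5e:00:53:0b"   # constructed sample MAC (host moved onto the port)
FRAMES = [(0, HOST_A), (4, HOST_A), (8, HOST_A),
          (12, HOST_B), (15, HOST_B), (18, HOST_B)]

def simulate(frames, maximum=1, age_time=0, timer_type="absolute",
             violation="shutdown", shutdown_time=None):
    """Replay (time, mac) frames on one secure port; return (time, mac, event)."""
    if timer_type not in ("absolute", "inactivity"):
        raise ValueError("timer_type must be 'absolute' or 'inactivity'")
    if violation not in ("shutdown", "restrict"):
        raise ValueError("violation must be 'shutdown' or 'restrict'")
    secure = {}         # mac -> [learned_at, last_seen]
    down_until = None   # None means the port is up
    events = []
    for now, mac in sorted(frames):
        if down_until is not None and now < down_until:
            events.append((now, mac, "dropped-port-down"))
            continue
        down_until = None   # shutdown timer (if any) has expired
        if age_time:        # assumption: age_time 0 means no aging
            # Absolute aging counts from learning, inactivity from last frame.
            ref = 0 if timer_type == "absolute" else 1
            for m in [m for m, t in secure.items() if now - t[ref] >= age_time]:
                del secure[m]
                events.append((now, m, "aged-out"))
        if mac in secure:
            secure[mac][1] = now
            events.append((now, mac, "forwarded"))
        elif len(secure) < maximum:
            secure[mac] = [now, now]
            events.append((now, mac, "learned"))
        elif violation == "restrict":
            events.append((now, mac, "violation-restricted"))   # port stays up
        else:
            secure.clear()   # auto-configuration disabled: learned MACs cleared
            down_until = now + shutdown_time if shutdown_time else float("inf")
            events.append((now, mac, "violation-shutdown"))
    return events

if __name__ == "__main__":
    for label, kwargs in [("defaults", {}),
                          ("absolute aging, age_time=10", {"age_time": 10}),
                          ("shutdown_time=5", {"shutdown_time": 5})]:
        print(label, [e[2] for e in simulate(FRAMES, **kwargs)])
```

With the defaults, the moved host shuts the port down indefinitely; with a shutdown timer or absolute aging configured, the same host is learned once the relevant timer has run out.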