18-8
Catalyst 2950 Desktop Switch Software Configuration Guide
78-14982-01
Chapter 18 Configuring Port-Based Traffic Control
Configuring Port Security
Step 5 switchport port-security maximum value
(Optional) Set the maximum number of secure MAC addresses for the interface. The range is 1 to 132; the default is 1.
Step 6 switchport port-security violation {protect | restrict | shutdown}
(Optional) Set the violation mode, the action to be taken when a security violation is detected, as one of these:
  protect: When the number of port secure MAC addresses reaches the maximum limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses to drop below the maximum value.
  restrict: A port security violation restricts data and causes the SecurityViolation counter to increment and sends an SNMP trap.
  shutdown: The interface is error-disabled when a security violation occurs.
Note: When a secure port is in the error-disabled state, you can bring it out of this state by entering the errdisable recovery cause psecure-violation global configuration command, or you can manually re-enable it by entering the shutdown and no shutdown interface configuration commands.
Step 7 switchport port-security mac-address mac-address
(Optional) Enter a static secure MAC address for the interface, repeating the command as many times as necessary. You can use this command to enter the maximum number of secure MAC addresses. If you configure fewer secure MAC addresses than the maximum, the remaining MAC addresses are dynamically learned.
Note: If you enable sticky learning after you enter this command, the secure addresses that were dynamically learned are converted to sticky secure MAC addresses and are added to the running configuration.
Step 8 switchport port-security mac-address sticky
(Optional) Enable sticky learning on the interface.
Step 9 switchport port-security mac-address sticky mac-address
(Optional) Enter a sticky secure MAC address, repeating the command as many times as necessary. If you configure fewer secure MAC addresses than the maximum, the remaining MAC addresses are dynamically learned, are converted to sticky secure MAC addresses, and are added to the running configuration.
Note: If you do not enable sticky learning before this command is entered, an error message appears, and you cannot enter a sticky secure MAC address.
Step 10 end
Return to privileged EXEC mode.
Step 11 show port-security
show port-security address
show port-security interface interface-id
Verify your entries.
Step 12 copy running-config startup-config
(Optional) Save your entries in the configuration file.
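
An added example, not part of the Cisco guide: a Python check that supports Step 11 by reading a saved running-config and reporting, per interface, the settings from Steps 5 to 9. The config excerpt, interface names and MAC addresses are constructed; the bare switchport port-security line (the enabling command from an earlier step not shown on this page) and the shutdown default for the violation mode are assumptions based on standard IOS behaviour.

```python
import re
# Constructed running-config excerpt; interface names and MAC addresses are made up.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport port-security
 switchport port-security maximum 3
 switchport port-security violation restrict
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0000.0c12.3456
 switchport port-security mac-address 0000.0c65.4321
!
interface FastEthernet0/2
 switchport port-security
 switchport port-security violation protect
 switchport port-security mac-address 0000.0c0a.0b0c
!
interface FastEthernet0/3
 switchport mode access
"""

PS = "switchport port-security"
MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"

def audit_port_security(config):
    """Summarise every interface block that has port security enabled."""
    report = {}
    for block in re.split(r"^(?=interface )", config, flags=re.M):
        lines = [l.strip() for l in block.splitlines()]
        if not lines or not lines[0].startswith("interface ") or PS not in lines:
            continue  # not an interface block, or port security is not enabled
        ps = [l[len(PS):].strip() for l in lines if l.startswith(PS + " ")]
        # Defaults when absent: maximum 1 (per the guide), violation shutdown (IOS default).
        maximum = next((int(l.split()[1]) for l in ps if l.startswith("maximum ")), 1)
        violation = next((l.split()[1] for l in ps if l.startswith("violation ")), "shutdown")
        sticky_on = "mac-address sticky" in ps
        static = [l for l in ps if re.fullmatch("mac-address " + MAC, l, re.I)]
        sticky = [l for l in ps if re.fullmatch("mac-address sticky " + MAC, l, re.I)]
        configured = len(static) + len(sticky)
        checks = [
            (not 1 <= maximum <= 132, "maximum outside the 1 to 132 range"),
            (configured > maximum, "more configured addresses than the maximum"),
            (bool(sticky) and not sticky_on, "sticky address without sticky learning"),
            (violation == "protect", "protect drops silently: no counter or SNMP trap"),
        ]
        report[lines[0].split()[1]] = {
            "maximum": maximum, "violation": violation, "sticky": sticky_on,
            "configured": configured, "learnable": max(maximum - configured, 0),
            "findings": [msg for bad, msg in checks if bad]}
    return report
```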