21-15
Cisco ME 3400 EthernetAccess Switch SoftwareConfiguration Guide
78-17058-01
Chapter21 Configuring Port-Based Tra ffic Control Configuring Port Security
This example shows how to enable sticky port security on a port , to manu al ly conf ig ure MAC addresses
for data VLAN, and to set the total maximum number of secure addresses to 10.
Switch(config)# interface FastEthernet0/1
Switch(config-if)# no shutdown
Switch(config-if)# switchport access vlan 21
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 10
Switch(config-if)# switchport port-security violation restrict
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# switchport port-security mac-address sticky 0000.0000.0002
Switch(config-if)# switchport port-security mac-address 0000.0000.0003
Switch(config-if)# switchport port-security maximum 10 vlan access
Enabling and Configuring Port Security Aging
You can use port security aging to set the aging time for all secure addresses on a port. Two types of
aging are supported per port:
Absolute—The secure addresses on the port are deleted after the specified aging time.
Inactivity—The secure addresses on the port ar e deleted only if the secure addresses are inact ive for
the specified aging time.
Use this feature to remove and add devices on a secure port without manually deleting the existing secure
MAC addresses and to still limit the number of secure addresses on a port. You can enable or disable the
aging of secure addresses on a per-port basis.
Beginning in privileged EXEC mode, follow these steps to configure port security aging:
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 interface interface-id Specify the interface to be configured, and enter interface
configuration mode.
Step3 no shutdown Enable the port, if necessary. By default, UNIs are disabled,
and NNIs are enabled.