Cisco Systems OL-6244-01

2-530

Catalyst 6500 Series Switch Command Reference—Release8.4

OL-6244-01

Chapter2 Catalyst 6500 Series Switch and ROM Monitor Commands

set port security

Enabling the automatic configuration feature automatically configures learned MA C addresses on secur e

ports. If a secure port shuts down because of a violation, if the port is disabled, or if port security is

disabled, all learned MAC addresses are converted to configured MAC addresses and retained on the

port. If this feature is disabled and the secure port experiences any of the same conditions, all learned

MAC addresses are cleared.

When you configure a MAC address on a port, you can associate a VLAN or multiple VLANs to that

MAC address by enter the set port security mod/port mac_addr [vlan_list] command. If you do not

specify a vlan_list argument, the MAC address is configured on the native VLAN of the specified port.

Examples This example shows how to set port security with a learned MAC address:

Console> (enable) set port security 3/1 enable

Port 3/1 port security enabled with the learned mac address.

Console> (enable)

This example shows how to set port security with a specific MAC address:

Console> (enable) set port security 3/1 enable 00-02-03-04-05-06

Port 3/1 port security enabled with 00-02-03-04-05-06 as the secure mac address.

Console> (enable)

This example shows how to set the maximum MAC address limit to 10:

Console> (enable) set port security 3/37 max 10

Setting the Maximum Addresses Limit to a value lesser than the

current value might result in configured addresses getting cleared

Do you want to continue (y/n) [n]?y

Port 3/37 security maximum address 10.

Console> (enable)

This example shows how to set the shutdown time to 600 minutes on port 7/7:

Console> (enable) set port security 7/7 shutdown 600

Secure address shutdown time set to 600 minutes for port 7/7.

Console> (enable)

This example shows how to configure the port to drop all packets that are coming in on the port from

insecure hosts:

Console> (enable) set port security 7/7 violation restrict

Port security violation on port 7/7 will cause insecure packets to be dropped.

Console> (enable)

This example shows how to enable unicast flooding on port 4/1:

Console> (enable) set port security 4/1 unicast-flood enable

Port 4/1 security flood mode set to enable.

Console> (enable)

This example shows how to disable unicast flooding on port 4/1:

Console> (enable) set port security 4/1 unicast-flood disable

WARNING: Trunking & Channelling will be disabled on the port.

Port 4/1 security flood mode set to disable.

Console> (enable)

This example shows how to set the aging type on a port to absolute aging:

Console> (enable) set port security 5/1 timer-type absolute

Port 5/1 security timer type absolute.

Console> (enable)