Software Configuration Guide—Release 12.2(25)EWA
OL-6850-03
Chapter 30 Configuring Port Security and Trunk Port Security
You can also customize the time to recover from the specified error disable cause (default is 300
seconds) by entering the errdisable recovery interval interval command.

Port mode changes

Generally, when a port mode changes, all dynamic addresses associated with that port are removed. All
static or sticky addresses and other port security parameters configured on the native VLAN are moved
to the native VLAN of the port in the new mode. All the addresses on the non-native VLANs are
removed.
The behavior for port mode changes is as follows:
• When the mode changes from trunk or access to private VLAN trunk, all the static or sticky
addresses configured on the access VLAN of the access port and the native VLAN of the trunk port
are moved to the private VLAN native VLAN of the private VLAN trunk port. All other addresses are
removed.
• When the mode changes from private VLAN trunk to trunk or access mode, all the static or sticky
addresses configured on the private VLAN native VLAN are moved to the native VLAN of the trunk
port and the access VLAN of the access port. All other addresses are removed.
• For a regular or private VLAN trunk port, if the VLAN is removed from the allowed VLAN list, all
the addresses associated with that VLAN are removed.

Default Port Security Configuration

Table 30-1 shows the default port security configuration for an interface.

Table 30-1 Default Port Security Configuration

Feature                                   Default Setting
Aging                                     Disabled
Aging type                                Absolute
invalid-source-mac                        10 packets per second
Maximum number of secure MAC addresses    1
Port security                             Disabled on a port
Static Aging                              Disabled
Sticky                                    Disabled
Violation mode                            Shutdown. The port shuts down when the maximum number of secure MAC addresses is exceeded, and an SNMP trap notification is sent.

Port Security Guidelines and Restrictions

Follow these guidelines when configuring port security:
• A secure port cannot be a destination port for Switch Port Analyzer (SPAN).
• A secure port cannot belong to an EtherChannel port-channel interface.
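
The following is an added example, not part of the Cisco guide: a Python audit that reads a running-config excerpt, fills in the Table 30-1 defaults for any port security command that is absent, and flags secure ports that break the two guidelines (SPAN destination, EtherChannel member). The sample configuration, the function names and the interface-name abbreviation handling in `norm()` are assumptions of this example.

```python
import re

# Table 30-1 defaults, used when a command is absent from the interface stanza.
DEFAULTS = {"enabled": False, "maximum": 1, "violation": "shutdown", "sticky": False}
RULES = [(r"switchport port-security$", "enabled", lambda m: True),
         (r"switchport port-security maximum (\d+)$", "maximum", lambda m: int(m[1])),
         (r"switchport port-security violation (\w+)$", "violation", lambda m: m[1]),
         (r"switchport port-security mac-address sticky$", "sticky", lambda m: True),
         (r"channel-group (\d+) ", "channel_group", lambda m: int(m[1]))]

def norm(name):  # assumption: 'GigabitEthernet2/3' and 'Gi2/3' both become 'gi2/3'
    return re.sub(r"^([A-Za-z]{2})[A-Za-z]*", r"\1", name).lower()

def audit(config):  # returns (effective settings per interface, guideline findings)
    ports, span_dst, cur = {}, set(), None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # a top-level command ends the interface stanza
            cur = None
            if m := re.match(r"interface (\S+)$", line):
                cur = ports.setdefault(m[1], dict(DEFAULTS, channel_group=None))
            elif m := re.match(r"monitor session \d+ destination interface (\S+)", line):
                span_dst.add(norm(m[1]))
        elif cur is not None:
            for pat, key, conv in RULES:
                if m := re.match(pat, line):
                    cur[key] = conv(m)
    findings = []
    for name, p in ports.items():
        if p["enabled"] and norm(name) in span_dst:
            findings.append((name, "secure port is a SPAN destination"))
        if p["enabled"] and p["channel_group"] is not None:
            findings.append((name, "secure port is in an EtherChannel"))
    return ports, findings

# Constructed running-config excerpt (not from the guide).
SAMPLE = """\
monitor session 1 destination interface Gi2/3
interface GigabitEthernet2/1
 switchport port-security
interface GigabitEthernet2/2
 switchport port-security
 switchport port-security maximum 5
 switchport port-security violation restrict
 channel-group 1 mode on
interface GigabitEthernet2/3
 switchport port-security
"""
if __name__ == "__main__":
    print(audit(SAMPLE)[1])
```

GigabitEthernet2/1 carries only `switchport port-security`, so its effective settings are the table defaults: one secure MAC address and violation mode shutdown.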