30-5
Software Configuration Guide—Release 12.2(25)EWA
OL-6850-03
Chapter 30 Configuring Port Security and Trunk Port Security
Configuring Port Security
To return the interface to the default condition as a nonsecure port, use the no switchport port-security command.
To return the interface to the default number of secure MAC addresses, use the no switchport port-security maximum value command.
To delete a MAC address from the address table, use the no switchport port-security mac-address mac_address command.
Command / Purpose (continued)

Step 5   Switch(config-if)# switchport port-security violation {restrict | shutdown}
         (Optional) Sets the violation mode, the action to be taken when a security violation is detected, as one of these:
         restrict—A port security violation restricts data, causes the SecurityViolation counter to increment, and sends an SNMP trap notification.
         shutdown—The interface is error-disabled when a security violation occurs.
         Note: When a secure port is in the error-disabled state, you can bring it out of this state by entering the errdisable recovery cause psecure-violation global configuration command, or you can manually reenable it by entering the shutdown and no shutdown interface configuration commands.

Step 6   Switch(config-if)# switchport port-security limit rate invalid-source-mac packets_per_sec
         Sets the rate limit for bad packets.

Step 7   Switch(config-if)# switchport port-security mac-address mac_address
         (Optional) Enters a secure MAC address for the interface. You can use this command to enter the maximum number of secure MAC addresses. If you configure fewer secure MAC addresses than the maximum, the remaining MAC addresses are dynamically learned.
         Note: This command applies only to access, PVLAN host, and PVLAN promiscuous mode. For more details on PVLAN or trunk or regular trunk mode, refer to the “Configuring Trunk Port Security” section on page 30-7.

Step 8   Switch(config-if)# switchport port-security mac-address sticky
         (Optional) Enables sticky learning on the interface.

Step 9   Switch(config-if)# switchport port-security mac-address mac_address sticky
         Specifies the sticky MAC address for the interface.
         Note: This command applies only to access, PVLAN host, and PVLAN promiscuous mode. For more details on PVLAN or trunk or regular trunk mode, refer to the “Configuring Trunk Port Security” section on page 30-7.

Step 10  Switch(config-if)# end
         Returns to privileged EXEC mode.

Step 11  Switch# show port-security address interface interface_id
         Switch# show port-security address
         Verifies your entries.
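The following Python sketch is an added example, not part of the Cisco guide. It audits a saved running-config for the settings from Steps 5 through 9 and counts how many secure-address slots per port are left to dynamic learning. The sample config, the interface names, the MAC addresses, and the assumed defaults (violation mode shutdown, maximum of 1 when no line is present) are constructed for illustration, as is the stored form of sticky entries ("mac-address sticky" followed by the address).

```python
# Constructed running-config excerpt (not from the guide); interface names
# and MAC addresses are made up for illustration.
SAMPLE_CONFIG = """\
interface FastEthernet5/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 3
 switchport port-security violation restrict
 switchport port-security mac-address 0000.1111.2222
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0000.3333.4444
!
interface FastEthernet5/2
 switchport mode access
 switchport port-security
"""

PS = "switchport port-security"

def audit(config):
    """Summarize port-security settings per interface stanza."""
    report, port = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            # Assumed defaults when a line is absent: shutdown mode, maximum 1.
            port = report.setdefault(line.split(None, 1)[1], dict(
                enabled=False, violation="shutdown", maximum=1,
                sticky=False, configured=[]))
            continue
        if not raw.startswith(" "):
            port = None  # "!" or a top-level command ends the stanza
        if port is None or not line.startswith(PS):
            continue
        args = line[len(PS):].split()
        if not args:
            port["enabled"] = True
        elif args[0] == "violation" and len(args) == 2:
            port["violation"] = args[1]
        elif args[0] == "maximum" and len(args) >= 2:
            port["maximum"] = int(args[1])
        elif args[0] == "mac-address" and args[1:] == ["sticky"]:
            port["sticky"] = True
        elif args[0] == "mac-address" and len(args) >= 2:
            port["configured"].append(args[2] if args[1] == "sticky" else args[1])
    for port in report.values():
        # Slots not filled by configured addresses are learned dynamically.
        port["dynamic_slots"] = max(port["maximum"] - len(port["configured"]), 0)
    return report
```

Calling audit(SAMPLE_CONFIG) returns one dictionary per interface; a port with enabled set to False or with more dynamic_slots than expected is worth reviewing against the intended policy.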