Software Configuration Guide—Release 12.2(25)EWA
OL-6850-03
Chapter 30 Configuring Port Security and Trunk Port Security
Configuring Port Security
To return the violation mode to the default condition (shutdown mode), use the
no switchport port-security violation {restrict | shutdown} command.
To disable sticky learning on an interface, use the no switchport port-security mac-address sticky
command. The interface converts the sticky secure MAC addresses to dynamic secure addresses.
To delete a sticky secure MAC address from the address table, use the
no switchport port-security mac-address mac_address sticky command. To delete all the sticky
addresses on an interface, use the no switchport port-security mac-address sticky command.
To clear dynamically learned port security MAC addresses in the CAM table, use the
clear port-security dynamic command. The address keyword enables you to clear a secure MAC
address. The interface keyword enables you to clear all secure addresses on an interface. The
VLAN keyword allows you to clear port security MAC addresses on a per-VLAN per-port basis.
This example shows how to enable port security on Fast Ethernet port 12 and how to set the maximum
number of secure addresses to 5. The violation mode is the default, and no secure MAC addresses are
configured.
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface fastethernet 3/12
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 5
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# end
Switch# show port-security interface fastethernet 3/12
Port Security :Enabled
Port Status :Secure-up
Violation Mode :Shutdown
Aging Time :0
Aging Type :Absolute
SecureStatic Address Aging :Enabled
Maximum MAC Addresses :5
Total MAC Addresses :0
Configured MAC Addresses :0
Sticky MAC Addresses :11
Last Source Address :0000.0000.0401
Security Violation Count :0
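The fields of the show port-security interface output above can be checked from a script when many ports have to be reviewed. The following is an added example, not part of the Cisco guide; the function names and the sample values are assumptions made for illustration.

```python
import re

# Constructed sample in the field layout shown above; the values are made up.
SAMPLE = """\
Port Security :Enabled
Port Status :Secure-shutdown
Violation Mode :Shutdown
Aging Time :0
Aging Type :Absolute
SecureStatic Address Aging :Enabled
Maximum MAC Addresses :5
Total MAC Addresses :5
Configured MAC Addresses :0
Sticky MAC Addresses :5
Last Source Address :0000.0000.0401
Security Violation Count :1
"""

# "Field name :value"; prompt and banner lines have no colon and are skipped.
FIELD = re.compile(r"^\s*(?P<key>[^:]+?)\s*:\s*(?P<value>.*?)\s*$")

def parse_port_security(text):
    """Return {field name: value} parsed from the command output."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m and m.group("value"):
            fields[m.group("key")] = m.group("value")
    return fields

def audit(fields):
    """Return a list of findings that deserve an operator's attention."""
    findings = []
    def num(key):
        value = fields.get(key, "")
        return int(value) if value.isdigit() else None
    if fields.get("Port Security", "").lower() != "enabled":
        findings.append("port security is not enabled")
    if fields.get("Port Status", "").lower() == "secure-shutdown":
        findings.append("port was shut down by a security violation")
    violations = num("Security Violation Count")
    if violations:
        last = fields.get("Last Source Address", "unknown")
        findings.append(f"{violations} violation(s), last source {last}")
    maximum, total = num("Maximum MAC Addresses"), num("Total MAC Addresses")
    if maximum is not None and total is not None and total >= maximum:
        findings.append("secure address table is at its configured maximum")
    return findings
```

Calling audit(parse_port_security(SAMPLE)) returns three findings for the constructed sample; output from a healthy port returns an empty list.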
This example shows how to configure a secure MAC address on Fast Ethernet interface 5/1 and verify
the configuration:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface fastethernet 5/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 10
Switch(config-if)# switchport port-security mac-address 0000.0000.0003 (Static secure MAC)
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# switchport port-security mac-address sticky 0000.0000.0001 (Sticky MAC)
Switch(config-if)# switchport port-security mac-address sticky 0000.0000.0002
Switch(config-if)# end
Switch# show port address
Secure Mac Address Table