| PORT CONFIGURATION |
|
|
Console(config)#interface ethernet 1/10 | |
| |
|
|
Configuring Port Security
Port security is a feature that allows you to configure a switch port with one or more device MAC addresses that are authorized to access the network through that port.
When port security is enabled on a port, the switch stops learning new MAC addresses on the specified port. Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted as authorized to access the network through that port. If a device with an unauthorized MAC address attempts to use the switch port, the intrusion will be detected and the switch can automatically take action by disabling the port and sending a trap message.
To use port security, first allow the switch to dynamically learn the <source MAC address, VLAN> pair for frames received on a port for an initial period, and then enable port security to stop address learning. Be sure you enable the learning function long enough to ensure that all valid VLAN members have been registered on the selected port.
Note that a secure port has the following restrictions:
•It should not be connected to a network interconnection device.
•It cannot be configured as a member of a static trunk.
•It can be configured as an LACP trunk port, but the switch does not allow the LACP trunk to be enabled.
Note: A port that is already configured as an LACP or static trunk port cannot be enabled as a secure port.
