Support User Manuals

Cisco Systems 2940 Switch User Manual

Open as PDF

of 444

17-9

Catalyst 2940 Switch Software Configuration Guide

78-15507-02

Chapter 17 Configuring Port-Based Traffic Control

Configuring Port Security

To disable sticky learning on an interface, use the no switchport port-security mac-address sticky

interface configuration command. The interface converts the sticky secure MAC addresses to dynamic

secure addresses.

To delete a static secure MAC address from the address table, use the clear port-security configured

address mac-address privileged EXEC command. To delete all the static secure MAC addresses on an

interface, use the clear port-security configured interface interface-id privileged EXEC command.

To delete a dynamic secure MAC address from the address table, use the clear port-security dynamic

address mac-addr privileged EXEC command. To delete all the dynamic addresses on an interface, use

the clear port-security dynamic interface interface-id privileged EXEC command.

To delete a sticky secure MAC addresses from the address table, use the clear port-security sticky

address mac-address privileged EXEC command. To delete all the sticky addresses on an interface, use

the clear port-security sticky interface interface-id privileged EXEC command.

This example shows how to enable port security on Fast Ethernet port 1 and to set the maximum number

of secure addresses to 50. The violation mode is the default, no static secure MAC addresses are

configured, and sticky learning is enabled.

Switch# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)# interface fastethernet0/1

Switch(config-if)# switchport mode access

Switch(config-if)# switchport port-security

Switch(config-if)# switchport port-security maximum 50

Switch(config-if)# switchport port-security mac-address sticky

Switch(config-if)# end

Port Security : Enabled

Port Status : Secure-up

Violation Mode : Shutdown

Aging Time : 20 mins

Aging Type : Inactivity

SecureStatic Address Aging : Enabled

Maximum MAC Addresses : 50

Total MAC Addresses : 11

Configured MAC Addresses : 0

Sticky MAC Addresses : 11

Last Source Address : 0000.0000.0000

Security Violation Count : 0

This example shows how to configure a static secure MAC address on Fast Ethernet port 12, enable

sticky learning, and verify the configuration:

Switch# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)# interface fastethernet0/12

Switch(config-if)# switchport mode access

Switch(config-if)# switchport port-security

Switch(config-if)# switchport port-security mac-address 0000.02000.0004

Switch(config-if)# switchport port-security mac-address sticky

Switch(config-if)# end

Switch# show port-security address

= Secure Mac Address Table

-------------------------------------------------------------------

Vlan Mac Address Type Ports Remaining Age

(mins)

---- ----------- ---- ----- -------------

1 0000.0000.000a SecureDynamic Fa0/1 -

1 0000.0002.0300 SecureDynamic Fa0/1 -

1 0000.0200.0003 SecureConfigured Fa0/1 -

1 0000.0200.0004 SecureConfigured Fa0/12 -

1 0003.fd62.1d40 SecureConfigured Fa0/5 -

previous next