Cisco Systems 2955 Switch User Manual


  Open as PDF
of 674
 
21-6
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
OL-10101-02
Chapter 21 Configuring Port-Based Traffic Control
Configuring Port Security
Resuming Normal Forwarding on a Port
Beginning in privileged EXEC mode, follow these steps to resume normal forwarding on a port:
Configuring Port Security
You can use the port security feature to restrict input to an interface by limiting and identifying MAC
addresses of the stations allowed to access the port. When you assign secure MAC addresses to a secure
port, the port does not forward packets with source addresses outside the group of defined addresses.
This section includes information about these topics:
Understanding Port Security, page 21-6
Default Port Security Configuration, page 21-8
Port Security Configuration Guidelines, page 21-8
Enabling and Configuring Port Security, page 21-9
Enabling and Configuring Port Security Aging, page 21-11
Understanding Port Security
This section includes information about:
Secure MAC Addresses, page 21-6
Security Violations, page 21-7
Secure MAC Addresses
You can configure these types of secure MAC addresses:
Static secure MAC addresses—These are manually configured by using the switchport
port-security mac-address mac-address interface configuration command, stored in the address
table, and added to the switch running configuration.
Dynamic secure MAC addresses—These are dynamically learned, stored only in the address table,
and removed when the switch restarts.
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
interface interface-id Specify the interface to configure, and enter interface configuration
mode.
Step 3
no switchport block multicast Enable unknown multicast flooding to the port.
Step 4
no switchport block unicast Enable unknown unicast flooding to the port.
Step 5
end Return to privileged EXEC mode
Step 6
show interfaces interface-id switchport Verify your entries.
Step 7
copy running-config startup-config (Optional) Save your entries in the configuration file.
 previous next