Cisco Systems 3550 Switch User Manual


 
Catalyst 3550 Multilayer Switch Software Configuration Guide
78-11194-03
Chapter 12 Configuring Port-Based Traffic Control
Configuring Port Security
Default Port Security Configuration
Table 12-1 shows the default port security configuration for an interface.

Table 12-1 Default Port Security Configuration

| Feature | Default Setting |
| --- | --- |
| Port security | Disabled on a port |
| Maximum number of secure MAC addresses | 128 |
| Violation mode | Shutdown. The port shuts down when the maximum number of secure MAC addresses is exceeded, and an SNMP trap notification is sent. |

Configuration Guidelines
Follow these guidelines when configuring port security:
- A protected port cannot be a routed port.
- A secure port cannot be a dynamic access port or a trunk port.
- A protected port cannot be a secure port.
- A secure port cannot be a destination port for Switch Port Analyzer (SPAN).
- A secure port cannot belong to a Fast EtherChannel or Gigabit EtherChannel port group.
- A secure port cannot be an 802.1X port. If you try to enable 802.1X on a secure port, an error message appears, and 802.1X is not enabled. If you try to change an 802.1X-enabled port to a secure port, an error message appears, and the security settings are not changed.

Enabling and Configuring Port Security
Beginning in privileged EXEC mode, follow these steps to restrict input to an interface by limiting and identifying MAC addresses of the stations allowed to access the port:

| Step | Command | Purpose |
| --- | --- | --- |
| Step 1 | configure terminal | Enter global configuration mode. |
| Step 2 | interface interface-id | Enter interface configuration mode, and enter the physical interface to configure, for example gigabitethernet0/1. |
| Step 3 | switchport mode access | Set the interface mode as access; an interface in the default mode (dynamic desirable) cannot be configured as a secure port. |
| Step 4 | switchport port-security | Enable port security on the interface. |
| Step 5 | switchport port-security maximum number of addresses | (Optional) Set the maximum number of secure MAC addresses for the interface. The range is 1 to 128; the default is 128. |
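
The guidelines and steps above can be checked against a staged configuration before it is pushed to the switch. The following is an added example, not part of the Cisco guide: it reports each secure port's effective maximum and flags the access-mode, protected-port, EtherChannel, 802.1X and 1-to-128 rules. The sample configuration is constructed, and the channel-group, dot1x port-control and switchport protected spellings are standard IOS commands assumed here because the page does not show them.

```python
import re
# Constructed staged configuration (sample input, not from the original page).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
!
interface GigabitEthernet0/2
 switchport port-security
!
interface GigabitEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security maximum 200
 switchport protected
 channel-group 1 mode on
 dot1x port-control auto
"""

def parse_interfaces(config):
    """Map each interface name to its list of configuration lines."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the block
    return interfaces

def audit_port_security(config):
    """Return {interface: (effective maximum, [guideline violations])}."""
    report = {}
    for name, lines in parse_interfaces(config).items():
        if "switchport port-security" not in lines:
            continue  # port security is disabled by default (Table 12-1)
        found = re.findall(r"^switchport port-security maximum (\d+)$",
                           "\n".join(lines), re.M)
        maximum = int(found[-1]) if found else 128  # default is 128
        checks = {  # last three command spellings: standard IOS, assumed
            "maximum outside 1-128": not 1 <= maximum <= 128,
            "not an access port": "switchport mode access" not in lines,
            "protected port": "switchport protected" in lines,
            "EtherChannel member": any(ln.startswith("channel-group ") for ln in lines),
            "802.1X port": any(ln.startswith("dot1x port-control") for ln in lines),
        }
        report[name] = (maximum, [k for k, bad in checks.items() if bad])
    return report
```

Calling audit_port_security(SAMPLE_CONFIG) returns one entry per port that has port security enabled; a port with an empty findings list satisfies the rules checked here.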