Cisco Systems WSC4500X24XIPB Switch User Manual


 
Software Configuration Guide—Release 12.2(25)EWA
OL-6850-03
Chapter 30: Configuring Port Security and Trunk Port Security
This chapter describes how to configure port security and trunk port security on the Catalyst 4500 series
switch. It provides guidelines, procedures, and configuration examples.
Note: For complete syntax and usage information for the switch commands used in this chapter, refer to the
Catalyst 4500 Series Switch Cisco IOS Command Reference and related publications at
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/index.htm.
This chapter consists of these sections:
• Overview of Port Security
• Default Port Security Configuration
• Port Security Guidelines and Restrictions
• Configuring Port Security
• Displaying Port Security Settings
Overview of Port Security
You can use the port security feature to restrict input to an interface by limiting and identifying MAC
addresses of the workstations that are allowed to access the port. When you assign secure MAC
addresses to a secure port, the port does not forward packets with source addresses outside the group of
defined addresses. If you limit the number of secure MAC addresses to one and assign a single secure
MAC address, the workstation attached to that port is assured the full bandwidth of the port.
If a port is configured as a secure port and the maximum number of secure MAC addresses has been
reached, a security violation occurs when a workstation attempts to access the port with a MAC address
that is different from any of the identified secure MAC addresses.
After you have set the maximum number of secure MAC addresses on a port, the secure addresses are
included in an address table in one of these ways:
• You can configure all secure MAC addresses by using the switchport port-security mac-address
  mac_address interface configuration command for access, private VLAN host, and private VLAN
  promiscuous ports.
• You can configure all secure MAC addresses by using the port-security mac-address vlan range
  configuration command for trunk and private VLAN trunk ports.
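A configuration audit for the static method on access ports described above, as an added example that is not part of the Cisco manual. The running-config excerpt, interface names and MAC addresses are constructed, and audit_port_security is a hypothetical helper; it flags access ports where secure MAC addresses were entered but the feature itself was never enabled with the bare switchport port-security command.

```python
import re

# Constructed running-config excerpt (not from the manual); names and MACs are made up.
SAMPLE_CONFIG = """\
interface GigabitEthernet2/1
 switchport mode access
 switchport port-security
 switchport port-security mac-address 0000.1111.2222
!
interface GigabitEthernet2/2
 switchport mode access
 switchport port-security mac-address 0000.3333.4444
!
interface GigabitEthernet2/3
 switchport mode access
!
interface GigabitEthernet2/4
 switchport mode trunk
"""

MAC_RE = re.compile(r"switchport port-security mac-address ((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})$", re.I)

def audit_port_security(config):
    """Return {interface: finding} for the access ports in a running-config text."""
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = ports.setdefault(
                line.split(None, 1)[1], {"access": False, "enabled": False, "macs": []})
        elif current is None or not raw.startswith(" "):
            current = None  # left the interface stanza
        elif line == "switchport mode access":
            current["access"] = True
        elif line == "switchport port-security":
            current["enabled"] = True  # only the bare command turns the feature on
        elif (m := MAC_RE.match(line)):
            current["macs"].append(m.group(1).lower())
    findings = {}
    for name, p in ports.items():
        if not p["access"]:
            continue  # trunk ports use a different command form; out of scope here
        if p["enabled"]:
            findings[name] = "secured, static MACs: " + (", ".join(p["macs"]) or "none")
        elif p["macs"]:
            findings[name] = "secure MACs configured but port security not enabled"
        else:
            findings[name] = "port security not enabled"
    return findings
```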