Support User Manuals

Cisco Systems WSC4500X24XIPB Switch User Manual

Open as PDF

of 680

30-9

Software Configuration Guide—Release 12.2(25)EWA

OL-6850-03

Chapter 30 Configuring Port Security and Trunk Port Security

Configuring Port Security

Switch# show port-security interface g1/1 address vlan 2-4

Secure Mac Address Table

------------------------------------------------------------------------

Vlan Mac Address Type Ports Remaining Age

(mins)

---- ----------- ---- ----- -------------

2 0001.0001.0001 SecureConfigured Gi1/1 -

2 0001.0001.0002 SecureSticky Gi1/1 -

2 0001.0001.0003 SecureSticky Gi1/1 -

3 0001.0001.0001 SecureConfigured Gi1/1 -

3 0001.0001.0002 SecureSticky Gi1/1 -

3 0001.0001.0003 SecureSticky Gi1/1 -

4 0001.0001.0001 SecureConfigured Gi1/1 -

4 0001.0001.0002 SecureSticky Gi1/1 -

4 0001.0001.0003 SecureSticky Gi1/1 -

------------------------------------------------------------------------

Total Addresses: 15

Switch#

Configuration Guidelines

Follow these guidelines when configuring port security related parameters on a per-port per-VLAN

basis:

• A secure MAC-address cannot be configured on a VLAN that is not allowed on a regular trunk port.

• For private-VLAN trunk ports, the VLAN on which the configuration is being performed must be

in either the allowed VLAN list of the private VLAN trunk or the secondary VLAN list in the

association pairs. (The CLI is rejected if this condition is not met.) The allowed VLAN list on a

private VLAN trunk is intended to hold the VLAN-IDs of all the regular VLANs that are allowed

on the private VLAN trunk.

• The configuration on the primary VLAN on the private VLAN trunk is not allowed. The CLI will

be rejected and an error message is displayed.

• If a specific VLAN on a port is not configured with a maximum value, the maximum configured for

the port is used for that VLAN. In this situation, the maximum number of addresses that can be

secured on this VLAN is limited to the maximum value configured on the port.

Each VLAN can be configured with a maximum count that is greater than the value configured on

the port. Also, the sum of the maximum configured values for all the VLANs can exceed the

maximum configured for the port. In either of these situations, the number of MAC addresses

secured on each VLAN is limited to the lesser of the VLAN configuration maximum and the port

configuration maximum.

Configuring Port Security Aging

You can use port security aging to set the aging time and aging type for all secure addresses on a port.

Use this feature to remove and add PCs on a secure port without manually deleting the existing secure

MAC addresses while still limiting the number of secure addresses on a port.

previous next