Cisco Systems 3130 User Manual
25-16
Cisco Catalyst Blade Switch 3130 for Dell Software Configuration Guide
OL-13270-01
Chapter 25 Configuring Port-Based Traffic Control
Configuring Port Security
Switch(config-if)# switchport port-security mac-address 0000.0000.0003
Switch(config-if)# switchport port-security mac-address sticky 0000.0000.0001 vlan voice
Switch(config-if)# switchport port-security mac-address 0000.0000.0004 vlan voice
Switch(config-if)# switchport port-security maximum 10 vlan access
Switch(config-if)# switchport port-security maximum 10 vlan voice
Enabling and Configuring Port Security Aging
You can use port security aging to set the aging time for all secure addresses on a port. Two types of
aging are supported per port:
aging are supported per port:
•
Absolute—The secure addresses on the port are deleted after the specified aging time.
•
Inactivity—The secure addresses on the port are deleted only if the secure addresses are inactive for
the specified aging time.
the specified aging time.
Use this feature to remove and add devices on a secure port without manually deleting the existing secure
MAC addresses and to still limit the number of secure addresses on a port. You can enable or disable the
aging of secure addresses on a per-port basis.
MAC addresses and to still limit the number of secure addresses on a port. You can enable or disable the
aging of secure addresses on a per-port basis.
Beginning in privileged EXEC mode, follow these steps to configure port security aging:
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
interface interface-id
Specify the interface to be configured, and enter interface
configuration mode.
configuration mode.
Step 3
switchport port-security aging {static | time time |
type {absolute | inactivity}}
type {absolute | inactivity}}
Enable or disable static aging for the secure port, or set the
aging time or type.
aging time or type.
Note
The switch does not support port security aging of
sticky secure addresses.
sticky secure addresses.
Enter static to enable aging for statically configured secure
addresses on this port.
addresses on this port.
For time, specify the aging time for this port. The valid range is
from 0 to 1440 minutes.
from 0 to 1440 minutes.
For type, select one of these keywords:
•
absolute—Sets the aging type as absolute aging. All the
secure addresses on this port age out exactly after the time
(minutes) specified lapses and are removed from the secure
address list.
secure addresses on this port age out exactly after the time
(minutes) specified lapses and are removed from the secure
address list.
•
inactivity—Sets the aging type as inactivity aging. The
secure addresses on this port age out only if there is no data
traffic from the secure source addresses for the specified
time period.
secure addresses on this port age out only if there is no data
traffic from the secure source addresses for the specified
time period.
Step 4
end
Return to privileged EXEC mode.
Step 5
show port-security [interface interface-id]
[address]
[address]
Verify your entries.
Step 6
copy running-config startup-config
(Optional) Save your entries in the configuration file.