Cisco Systems 3130 User Manual
25-17
Cisco Catalyst Blade Switch 3130 for Dell Software Configuration Guide
OL-13270-01
Chapter 25 Configuring Port-Based Traffic Control
Configuring Port Security
To disable port security aging for all secure addresses on a port, use the no switchport port-security
aging time interface configuration command. To disable aging for only statically configured secure
addresses, use the no switchport port-security aging static interface configuration command.
aging time interface configuration command. To disable aging for only statically configured secure
addresses, use the no switchport port-security aging static interface configuration command.
This example shows how to set the aging time as 2 hours for the secure addresses on a port:
Switch(config)# interface gigabitethernet1/0/1
Switch(config-if)# switchport port-security aging time 120
This example shows how to set the aging time as 2 minutes for the inactivity aging type with aging
enabled for the configured secure addresses on the interface:
enabled for the configured secure addresses on the interface:
Switch(config-if)# switchport port-security aging time 2
Switch(config-if)# switchport port-security aging type inactivity
Switch(config-if)# switchport port-security aging static
You can verify the previous commands by entering the show port-security interface interface-id
privileged EXEC command.
privileged EXEC command.
Port Security and Switch Stacks
When a switch joins a stack, the new switch will get the configured secure addresses. All dynamic secure
addresses are downloaded by the new stack member from the other stack members.
addresses are downloaded by the new stack member from the other stack members.
When a switch (either the stack master or a stack member) leaves the stack, the remaining stack members
are notified, and the secure MAC addresses configured or learned by that switch are deleted from the
secure MAC address table. For more information about switch stacks, see
are notified, and the secure MAC addresses configured or learned by that switch are deleted from the
secure MAC address table. For more information about switch stacks, see
Port Security and Private VLANs
Port security allows an administrator to limit the number of MAC addresses learned on a port or to define
which MAC addresses can be learned on a port.
which MAC addresses can be learned on a port.
Beginning in privileged EXEC mode, follow these steps to configure port security on a PVLAN host and
promiscuous ports:
promiscuous ports:
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
interface interface-id
Specify the interface to be configured, and enter interface
configuration mode.
configuration mode.
Step 3
switchport mode private-vlan {host |
promiscuous}
promiscuous}
Enable a private vlan on the interface.
Step 4
switchport port-security
Enable port security on the interface.
Step 5
end
Return to privileged EXEC mode.
Step 6
show port-security [interface interface-id]
[address]
[address]
Verify your entries.
Step 7
copy running-config startup-config
(Optional) Save your entries in the configuration file.