Cisco Systems 3130 User Manual
25-18
Cisco Catalyst Blade Switch 3130 for Dell Software Configuration Guide
OL-13270-01
Chapter 25 Configuring Port-Based Traffic Control
Displaying Port-Based Traffic Control Settings
This example shows how to configure port security on a PVLAN host and promiscuous ports
Switch(config)# interface gigabitethernet 1/0/8
Switch(config-if)# switchport private-vlan mapping 2061 2201-2206,3101
Switch(config-if)# switchport mode private-vlan promiscuous
Switch(config-if)# switchport port-security maximum 288
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security violation restrict
Note
Ports that have both port security and private VLANs configured can be labeled secure PVLAN ports.
When a secure address is learned on a secure PVLAN port, the same secure address cannot be learned
on another secure PVLAN port belonging to the same primary VLAN. However, an address learned on
unsecure PVLAN port can be learned on a secure PVLAN port belonging to same primary VLAN.
When a secure address is learned on a secure PVLAN port, the same secure address cannot be learned
on another secure PVLAN port belonging to the same primary VLAN. However, an address learned on
unsecure PVLAN port can be learned on a secure PVLAN port belonging to same primary VLAN.
Secure addresses that are learned on host port get automatically replicated on associated primary
VLANs, and similarly, secure addresses learned on promiscuous ports automatically get replicated on
all associated secondary VLANs. Static addresses (using mac-address-table static command) cannot be
user configured on a secure port.
VLANs, and similarly, secure addresses learned on promiscuous ports automatically get replicated on
all associated secondary VLANs. Static addresses (using mac-address-table static command) cannot be
user configured on a secure port.
Displaying Port-Based Traffic Control Settings
The show interfaces interface-id switchport privileged EXEC command displays (among other
characteristics) the interface traffic suppression and control configuration. The show storm-control and
show port-security privileged EXEC commands display those storm control and port security settings.
characteristics) the interface traffic suppression and control configuration. The show storm-control and
show port-security privileged EXEC commands display those storm control and port security settings.
To display traffic control information, use one or more of the privileged EXEC commands in
.
Table 25-4
Commands for Displaying Traffic Control Status and Configuration
Command
Purpose
show interfaces [interface-id] switchport
Displays the administrative and operational status of all switching
(nonrouting) ports or the specified port, including port blocking and
port protection settings.
(nonrouting) ports or the specified port, including port blocking and
port protection settings.
show storm-control [interface-id] [broadcast |
multicast | unicast]
multicast | unicast]
Displays storm control suppression levels set on all interfaces or the
specified interface for the specified traffic type or for broadcast traffic
if no traffic type is entered.
specified interface for the specified traffic type or for broadcast traffic
if no traffic type is entered.
show port-security [interface interface-id]
Displays port security settings for the switch or for the specified
interface, including the maximum allowed number of secure MAC
addresses for each interface, the number of secure MAC addresses on
the interface, the number of security violations that have occurred, and
the violation mode.
interface, including the maximum allowed number of secure MAC
addresses for each interface, the number of secure MAC addresses on
the interface, the number of security violations that have occurred, and
the violation mode.
show port-security [interface interface-id] address Displays all secure MAC addresses configured on all switch interfaces
or on a specified interface with aging information for each address.
show port-security interface interface-id vlan
Displays the number of secure MAC addresses configured per VLAN
on the specified interface.
on the specified interface.