IBM 12.1(22)EA6 User Manual
15-9
Cisco Systems Intelligent Gigabit Ethernet Switch Modules for the IBM BladeCenter, Software Configuration Guide
24R9746
Chapter 15 Configuring Port-Based Traffic Control
Configuring Port Security
To return the interface to the default condition as not a secure port, use the no switchport port-security
interface configuration command. If you enter this command when sticky learning is enabled, the sticky
secure addresses remain part of the running configuration but are removed from the address table. All
addresses are now dynamically learned.
interface configuration command. If you enter this command when sticky learning is enabled, the sticky
secure addresses remain part of the running configuration but are removed from the address table. All
addresses are now dynamically learned.
To return the interface to the default number of secure MAC addresses, use the no switchport
port-security maximum value interface configuration command.
port-security maximum value interface configuration command.
To return the violation mode to the default condition (shutdown mode), use the no switchport
port-security violation {protect | restrict} interface configuration command.
port-security violation {protect | restrict} interface configuration command.
To disable sticky learning on an interface, use the no switchport port-security mac-address sticky
interface configuration command. The interface converts the sticky secure MAC addresses to dynamic
secure addresses.
interface configuration command. The interface converts the sticky secure MAC addresses to dynamic
secure addresses.
To delete a static secure MAC address from the address table, use the clear port-security configured
address mac-address privileged EXEC command. To delete all the static secure MAC addresses on an
interface, use the clear port-security configured interface interface-id privileged EXEC command.
address mac-address privileged EXEC command. To delete all the static secure MAC addresses on an
interface, use the clear port-security configured interface interface-id privileged EXEC command.
To delete a dynamic secure MAC address from the address table, use the clear port-security dynamic
address mac-address privileged EXEC command. To delete all the dynamic addresses on an interface,
use the clear port-security dynamic interface interface-id privileged EXEC command.
address mac-address privileged EXEC command. To delete all the dynamic addresses on an interface,
use the clear port-security dynamic interface interface-id privileged EXEC command.
To delete a sticky secure MAC addresses from the address table, use the clear port-security sticky
address mac-address privileged EXEC command. To delete all the sticky addresses on an interface, use
the clear port-security sticky interface interface-id privileged EXEC command.
address mac-address privileged EXEC command. To delete all the sticky addresses on an interface, use
the clear port-security sticky interface interface-id privileged EXEC command.
This example shows how to enable port security on a port and to set the maximum number of secure
addresses to 50. The violation mode is the default, no static secure MAC addresses are configured, and
sticky learning is enabled.
addresses to 50. The violation mode is the default, no static secure MAC addresses are configured, and
sticky learning is enabled.
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface gigabitethernet0/17
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 50
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# end
This example shows how to configure a static secure MAC address on a port and enable sticky learning:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface gigabitethernet0/18
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security mac-address 0000.02000.0004
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# end
Enabling and Configuring Port Security Aging
You can use port security aging to set the aging time for static and dynamic secure addresses on a port.
Two types of aging are supported per port:
Two types of aging are supported per port:
•
Absolute—The secure addresses on the port are deleted after the specified aging time.
•
Inactivity—The secure addresses on the port are deleted only if the secure addresses are inactive for
the specified aging time.
the specified aging time.