Cisco Systems EA6500 Manual De Usuario
26-4
Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E
78-14099-04
Chapter 26 Configuring Port Security
Configuring Port Security
To return the interface to the default condition (not a secure port), enter the no switchport port-security
interface configuration command.
interface configuration command.
To return the interface to the default number of secure MAC addresses, enter the no switchport
port-security maximum value command.
port-security maximum value command.
To delete a MAC address from the address table, enter the no switchport port-security mac-address
mac_address command.
mac_address command.
To return the violation mode to the default condition (shutdown mode), enter the no switchport
port-security violation {protocol | restrict} command.
port-security violation {protocol | restrict} command.
This example shows how to enable port security on Fast Ethernet port 12 and to set the maximum number
of secure addresses to 5. The violation mode is the default, and no secure MAC addresses are configured.
of secure addresses to 5. The violation mode is the default, and no secure MAC addresses are configured.
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# interface fastethernet 3/12
Router(config-if)# switchport mode access
Router(config-if)# switchport port-security
Router(config-if)# switchport port-security maximum 5
Router(config-if)# end
Router# show port-security interface fastethernet 3/12
Security Enabled:Yes, Port Status:SecureUp
Violation Mode:Shutdown
Max. Addrs:5, Current Addrs:0, Configure Addrs:0
This example shows how to configure a secure MAC address on Fast Ethernet port 12 and verify the
configuration:
configuration:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# interface fastethernet 5/12
Router(config-if)# switchport mode access
Router(config-if)# switchport port-security
Router(config-if)# switchport port-security mac-address 1000.2000.3000
Router(config-if)# end
Router# show port-security address
Secure Mac Address Table
------------------------------------------------------------
Vlan Mac Address Type Ports
---- ----------- ---- -----
1 1000.2000.3000 SecureConfigured Fa5/12
Configuring Port Security Aging
You can use port security aging to set the aging time for all secure addresses on a port.
Use this feature to remove and add PCs on a secure port without manually deleting the existing secure
MAC addresses while still limiting the number of secure addresses on a port.
MAC addresses while still limiting the number of secure addresses on a port.