Support User Manuals

Cisco Systems DOC-7814982 Stereo System User Manual

Open as PDF

of 648

18-7

Catalyst 2950 Desktop Switch Software Configuration Guide

78-14982-01

Chapter 18 Configuring Port-Based Traffic Control

Configuring Port Security

Default Port Security Configuration

Table 18-1 shows the default port security configuration for an interface.

Port Security Configuration Guidelines

Follow these guidelines when configuring port security:

• Port security can only be configured on static access ports.

• A secure port cannot be a dynamic access port or a trunk port.

• A secure port cannot be a destination port for Switch Port Analyzer (SPAN).

• A secure port cannot belong to a Fast EtherChannel or Gigabit EtherChannel port group.

• A secure port cannot be an 802.1X port.

• You cannot configure static secure MAC addresses in the voice VLAN.

• When you enable port security on a voice VLAN port, you must set the maximum allowed secure

addresses on the port to at least two. When the port is connected to a Cisco IP phone, the IP phone

requires two MAC addresses: one for the access VLAN and the other for the voice VLAN.

Connecting a PC to the IP phone requires additional MAC addresses.

Enabling and Configuring Port Security

Beginning in privileged EXEC mode, follow these steps to restrict input to an interface by limiting and

identifying MAC addresses of the stations allowed to access the port:

Table 18-1 Default Port Security Configuration

Feature Default Setting

Port security Disabled on a port

Maximum number of secure MAC addresses 1

Violation mode Shutdown. The interface is error-disabled when a

security violation occurs. When a secure port is in the

error-disabled state, you can bring it out of this state by

entering the errdisable recovery cause

psecure-violation global configuration command, or

you can manually re-enable it by entering the

shutdown and no shutdown interface configuration

commands.

Command Purpose

Step 1

configure terminal Enter global configuration mode.

Step 2

interface interface-id Specify the type and number of the physical interface to configure, for

example gigabitethernet0/1, and enter interface configuration mode.

Step 3

switchport mode access Set the interface mode as access; an interface in the default mode

(dynamic desirable) cannot be configured as a secure port.

Step 4

switchport port-security Enable port security on the interface.

previous next