Filter
Top Products
18-10
Catalyst 2950 Desktop Switch Software Configuration Guide
78-14982-01
Chapter 18 Configuring Port-Based Traffic Control
Configuring Port Security
This example shows how to configure a static secure MAC address and a sticky secure MAC address on
Fast Ethernet port 12 and verify the configuration:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface fastethernet0/12
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security mac-address 0000.02000.0004
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# switchport port-security mac-address sticky 0008.a343.b581
Switch(config-if)# end
Switch# show port-security address
= Secure Mac Address Table
-------------------------------------------------------------------
Vlan Mac Address Type Ports Remaining Age
(mins)
---- ----------- ---- ----- -------------
1 0000.0000.000a SecureDynamic Fa0/1 -
1 0000.0002.0300 SecureDynamic Fa0/1 -
1 0000.0200.0003 SecureConfigured Fa0/1 -
1 0000.0200.0004 SecureConfigured Fa0/12 -
1 0003.fd62.1d40 SecureConfigured Fa0/5 -
1 0003.fd62.1d45 SecureConfigured Fa0/5 -
1 0003.fd62.21d3 SecureSticky Fa0/5 -
1 0005.7428.1a45 SecureSticky Fa0/8 -
1 0005.7428.1a46 SecureSticky Fa0/8 -
1 0006.1218.2436 SecureSticky Fa0/8 -
1 0008.a343.b581 SecureSticky Fa0/12 -
-------------------------------------------------------------------
Total Addresses in System :11
Max Addresses limit in System :1024
Enabling and Configuring Port Security Aging
You can use port security aging to set the aging time for all secure addresses on a port. Two types of
aging are supported per port:
• Absolute—The secure addresses on the port are deleted after the specified aging time.
• Inactivity—The secure addresses on the port are deleted only if the secure addresses are inactive for
the specified aging time.
Use this feature to remove and add PCs on a secure port without manually deleting the existing secure
MAC addresses and to still limit the number of secure addresses on a port. You can enable or disable the
aging of statically-configured secure addresses on a per-port basis.