Home » Cisco Manuals » Bridges & Routers » Cisco WS-C2950-24 » Manual Viewer

Cisco WS-C2950-24 Software Configuration Guide - Page 218

Enabling Port Security

Add to My Manuals
Save this manual to your list of manuals

Page 218 highlights

Enabling Port Security Chapter 7 Configuring the Switch Ports Enabling Port Security Secured ports restrict a port to a user-defined group of stations. When you assign secure addresses to a secure port, the switch does not forward any packets with source addresses outside the group of addresses you have defined. If you define the address table of a secure port to contain only one address, the workstation or server attached to that port is guaranteed the full bandwidth of the port. As part of securing the port, you can also define the size of the address table for the port. Secured ports generate address-security violations under the following conditions: • The address table of a secured port is full and the address of an incoming packet is not found in the table. • An incoming packet has a source address assigned as a secure address on another port. Limiting the number of devices that can connect to a secure port has the following advantages: • Dedicated bandwidth-If the size of the address table is set to 1, the attached device is guaranteed the full bandwidth of the port. • Added security-Unknown devices cannot connect to the port. The following options validate port security or indicate security violations: Interface Security Trap Shutdown Port Secure Addresses Max Addresses Security Rejects Port to secure. Enable port security on the port. Issue a trap when an address-security violation occurs. Disable the port when an address-security violation occurs. Number of addresses in the address table for this port. Secure ports have at least one address. Number of addresses that the address table for the port can contain. The number of unauthorized addresses seen on the port. For the restrictions that apply to secure ports, see the "Avoiding Configuration Conflicts" section on page 9-2. 7-14 Catalyst 2900 Series XL and Catalyst 3500 Series XL Software Configuration Guide 78-6511-05

Section	Page
Catalyst2900SeriesXL and Catalyst3500 SeriesXL Software Configuration Guide	1
Contents	3
Preface	15
Audience	15
Purpose	15
Organization	17
Conventions	18
Related Publications	19
Obtaining Documentation	20
World Wide Web	20
Cisco Documentation CD-ROM	20
Ordering Documentation	21
Documentation Feedback	21
Obtaining Technical Assistance	22
Cisco.com	22
Technical Assistance Center	22
Contacting TAC by Using the Cisco TAC Website	23
Contacting TAC by Telephone	23
Overview	25
Features	25
Management Options	31
Management Interface Options	31
Advantages of Using CMS and Clustering Switches	32
Network Configuration Examples	34
Design Concepts for Using the Switch	34
Small to Medium-Sized Network Configuration	38
Collapsed Backbone and Switch Cluster Configuration	40
Large Campus Configuration	42
Hotel Network Configuration	44
Multidwelling Configuration	47
Getting Started with CMS	49
Features	50
Cluster Manager and VSM	51
Cluster Tree	54
Switch Images	55
System LED	55
Redundant Power System LED	56
Port Modes and LEDs	57
Menu Bars	62
Toolbar	65
Port Pop-Up Menu	66
Device Pop-Up Menu	67
Cluster View and Cluster Builder	69
Topology	72
Menu Bar	74
Toolbar	75
Device Pop-Up Menu	76
Candidate, Member, and Link Pop-Up Menus	77
CMS Window Components	79
Host Name List	80
Tabs	80
Lists	80
Buttons	81
Online Help	81
Accessing CMS	83
Saving Configuration Changes	85
Using Different Versions of Web-Based Switch Management Software	86
Where to Go Next	86
Getting Started with the CLI	87
Command Usage Basics	88
Accessing Command Modes	88
Abbreviating Commands	90
Using the No and Default Forms of Commands	91
Redisplaying a Command	91
Getting Help	91
Command-Line Error Messages	93
Accessing the CLI	94
Accessing the CLI from a Browser	95
Saving Configuration Changes	96
Where to Go Next	96
General Switch Administration	97
Basic IP Connectivity to the Switch	98
Switch Software Releases	98
Console Port Access	99
Telnet Access to the CLI	100
HTTP Access to CMS	101
SNMP Network Management Platforms	102
Using FTP to Access the MIB Files	103
Using SNMP to Access MIB Variables	103
Default Settings	105
Clustering Switches	113
Understanding Switch Clusters	114
Command Switch Characteristics	114
Standby Command Switch Characteristics	115
Candidate and Cluster Member Characteristics	115
Planning a Switch Cluster	116
Automatic Discovery of Cluster Candidates	116
Standby Command Switches	117
IP Addresses	120
Passwords	120
Host Names	122
SNMP Community Strings	122
Management VLAN	123
Network Port	124
NAT Commands	124
LRE Profiles	125
Availability of Switch-Specific Features in Switch Clusters	125
Creating a Switch Cluster	125
Designating and Enabling a Command Switch	126
Adding and Removing Cluster Members	126
Designating and Enabling Standby Command Switches	129
Verifying a Switch Cluster	131
Displaying an Inventory of the Clustered Switches	131
Displaying Link Information	132
Using the CLI to Manage Switch Clusters	133
Using SNMP to Manage Switch Clusters	134
Configuring the System	137
Changing IP Information	138
Manually Assigning and Removing Switch IP Information	138
Using DHCP-Based Autoconfiguration	140
Understanding DHCP-Based Autoconfiguration	140
DHCP Client Request Process	141
Configuring the DHCP Server	142
Configuring the TFTP Server	143
Configuring the Domain Name and the DNS	144
Configuring the Relay Device	145
Obtaining Configuration Files	146
Example Configuration	148
Changing the Password	151
Setting the System Date and Time	153
Configuring Daylight Saving Time	153
Configuring the Network Time Protocol	153
Configuring the Switch as an NTP Client	153
Enabling NTP Authentication	154
Configuring the Switch for NTP Broadcast-Client Mode	154
Configuring SNMP	154
Disabling and Enabling SNMP	154
Entering Community Strings	155
Adding Trap Managers	155
Configuring CDP	158
Configuring CDP for Extended Discovery	158
Configuring STP	160
Supported STP Instances	160
Using STP to Support Redundant Connectivity	161
Disabling STP	161
Accelerating Aging to Retain Connectivity	162
Configuring STP and UplinkFast in a Cascaded Cluster	162
Configuring Redundant Links By Using STP UplinkFast	164
Enabling STP UplinkFast	166
Configuring Cross-Stack UplinkFast	167
How CSUF Works	167
Events that Cause Fast Convergence	169
Limitations	171
Connecting the Stack Ports	171
Configuring Cross-Stack UplinkFast	173
Changing the STP Parameters for a VLAN	174
Changing the STP Implementation	175
Changing the Switch Priority	175
Changing the BPDU Message Interval	176
Changing the Hello BPDU Interval	176
Changing the Forwarding Delay Time	177
STP Port States	177
Enabling the Port Fast Feature	178
Changing the Path Cost	179
Changing the Port Priority	179
Configuring STP Root Guard	180
Managing the ARP Table	181
Controlling IP Multicast Packets through CGMP	182
Enabling the Fast Leave Feature	183
Disabling the CGMP Fast Leave Feature	183
Changing the CGMP Router Hold-Time	184
Removing Multicast Groups	184
Configuring MVR	185
Using MVR in a Multicast Television Application	185
Configuration Guidelines and Limitations	187
Setting MVR Parameters	189
Configuring MVR	190
Managing the MAC Address Tables	192
MAC Addresses and VLANs	192
Changing the Address Aging Time	193
Removing Dynamic Address Entries	194
Adding Secure Addresses	194
Removing Secure Addresses	195
Adding Static Addresses	195
Removing Static Addresses	196
Configuring Static Addresses for EtherChannel Port Groups	197
Configuring TACACS+	197
Configuring the TACACS+ Server Host	198
Configuring Login Authentication	200
Specifying TACACS+ Authorization for EXEC Access and Network Services	201
Starting TACACS+ Accounting	202
Configuring a Switch for Local AAA	203
Configuring the Switch Ports	205
Changing the Port Speed and Duplex Mode	206
Connecting to Devices That Do Not Autonegotiate	206
Setting Speed and Duplex Parameters	207
Configuring Flow Control on Gigabit Ethernet Ports	207
Configuring Flooding Controls	208
Enabling Storm Control	208
Disabling Storm Control	209
Blocking Flooded Traffic on a Port	210
Resuming Normal Forwarding on a Port	211
Enabling a Network Port	211
Disabling a Network Port	212
Configuring UniDirectional Link Detection	213
Creating EtherChannel Port Groups	214
Understanding EtherChannel Port Grouping	214
Port Group Restrictions on Static-Address Forwarding	215
Creating EtherChannel Port Groups	216
Configuring Protected Ports	217
Enabling Port Security	218
Defining the Maximum Secure Address Count	219
Enabling Port Security	219
Disabling Port Security	219
Enabling SPAN	220
Disabling SPAN	220
Configuring Voice Ports	221
Preparing a Port for a Cisco7960 IP Phone Connection	222
Configuring a Port to Connect to a Cisco7960 IP Phone	222
Overriding the CoS Priority of Incoming Frames	223
Configuring Voice Ports to Carry Voice and Data Traffic on Different VLANs	224
Configuring Inline Power on the Catalyst3524-PWR Ports	225
Configuring the LRE Ports	226
LRE Links and LRE Profiles	226
LRE Ethernet Links	229
Assigning a Public Profile to All LRE Ports	231
Assigning a Private Profile to an LRE Port	232
Configuring VLANs	233
Overview	234
Management VLANs	236
Changing the Management VLAN for a New Switch	237
Changing the Management VLAN Through a Telnet Connection	238
Assigning VLAN Port Membership Modes	239
VLAN Membership Combinations	240
Assigning Static-Access Ports to a VLAN	242
Overlapping VLANs and Multi-VLAN Ports	243
Using VTP	244
The VTP Domain	245
VTP Modes and Mode Transitions	246
VTP Advertisements	247
VTP Version 2	248
VTP Pruning	249
VTP Configuration Guidelines	250
Domain Names	250
Passwords	250
Upgrading from Previous Software Releases	251
VTP Version	251
Default VTP Configuration	252
Configuring VTP	252
Configuring VTP Server Mode	253
Configuring VTP Client Mode	254
Disabling VTP (VTP Transparent Mode)	255
Enabling VTP Version 2	256
Disabling VTP Version 2	257
Enabling VTP Pruning	257
Monitoring VTP	258
VLANs in the VTP Database	259
Token Ring VLANs	259
VLAN Configuration Guidelines	260
Default VLAN Configuration	260
Configuring VLANs in the VTP Database	264
Adding a VLAN	265
Modifying a VLAN	266
Deleting a VLAN from the Database	266
Assigning Static-Access Ports to a VLAN	267
How VLAN Trunks Work	268
IEEE 802.1Q Configuration Considerations	269
Trunks Interacting with Other Features	269
Configuring a Trunk Port	270
Disabling a Trunk Port	272
Defining the Allowed VLANs on a Trunk	272
Changing the Pruning-Eligible List	274
Configuring the Native VLAN for Untagged Traffic	275
Configuring 802.1p Class of Service	276
How Class of Service Works	276
Port Priority	276
Port Scheduling	277
Configuring the CoS Port Priorities	278
Load Sharing Using STP	278
Load Sharing Using STP Port Priorities	279
Configuring STP Port Priorities and Load Sharing	280
Load Sharing Using STP Path Cost	282
How the VMPS Works	284
Dynamic Port VLAN Membership	285
VMPS Database Configuration File	286
VMPS Configuration Guidelines	288
Default VMPS Configuration	289
Configuring Dynamic VLAN Membership	289
Configuring Dynamic Ports on VMPS Clients	290
Reconfirming VLAN Memberships	291
Changing the Reconfirmation Interval	291
Changing the Retry Count	292
Administering and Monitoring the VMPS	292
Troubleshooting Dynamic Port VLAN Membership	293
Dynamic Port VLAN Membership Configuration Example	293
Troubleshooting	295
Avoiding Configuration Conflicts	296
Avoiding Autonegotiation Mismatches	297
Troubleshooting LRE Port Configuration	298
Troubleshooting CMS Sessions	299
Determining Why a Switch Is Not Added to a Cluster	302
Copying Configuration Files to Troubleshoot Configuration Problems	303
Troubleshooting Switch Upgrades	304
Recovery Procedures	307
Recovering from Lost Member Connectivity	307
Recovering from a Command Switch Failure	308
Replacing a Failed Command Switch with a Cluster Member	309
Replacing a Failed Command Switch with Another Switch	313
Recovering from a Failed Command Switch Without HSRP	316
Recovering from a Lost or Forgotten Password	316
Recovering from Corrupted Software	319
System Error Messages	321
How to Read System Error Messages	322
Error Message Traceback Reports	324
Error Message and Recovery Procedures	325
Chassis Message	325
CMP Messages	325
Environment Messages	326
GigaStack Messages	327
Link Message	328
LRE Link Messages	328
Module Message	329
Port Security Messages	329
RTD Messages	330
Storm Control Messages	331