Cisco WS-C2950-24 Software Configuration Guide - Page 218
Enabling Port Security
View all Cisco WS-C2950-24 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 218 highlights
Enabling Port Security Chapter 7 Configuring the Switch Ports Enabling Port Security Secured ports restrict a port to a user-defined group of stations. When you assign secure addresses to a secure port, the switch does not forward any packets with source addresses outside the group of addresses you have defined. If you define the address table of a secure port to contain only one address, the workstation or server attached to that port is guaranteed the full bandwidth of the port. As part of securing the port, you can also define the size of the address table for the port. Secured ports generate address-security violations under the following conditions: • The address table of a secured port is full and the address of an incoming packet is not found in the table. • An incoming packet has a source address assigned as a secure address on another port. Limiting the number of devices that can connect to a secure port has the following advantages: • Dedicated bandwidth-If the size of the address table is set to 1, the attached device is guaranteed the full bandwidth of the port. • Added security-Unknown devices cannot connect to the port. The following options validate port security or indicate security violations: Interface Security Trap Shutdown Port Secure Addresses Max Addresses Security Rejects Port to secure. Enable port security on the port. Issue a trap when an address-security violation occurs. Disable the port when an address-security violation occurs. Number of addresses in the address table for this port. Secure ports have at least one address. Number of addresses that the address table for the port can contain. The number of unauthorized addresses seen on the port. For the restrictions that apply to secure ports, see the "Avoiding Configuration Conflicts" section on page 9-2. 7-14 Catalyst 2900 Series XL and Catalyst 3500 Series XL Software Configuration Guide 78-6511-05