Cisco WS-C2960S-24PD-L Software Guide - Page 208
Enabling Port Security, Defining the Maximum Secure Address Count
Chapter 7 Configuring the Switch Ports

Enabling Port Security

Secured ports restrict a port to a user-defined group of stations. When you assign secure addresses to a secure port, the switch does not forward any packets with source addresses outside the group of addresses you have defined. If you define the address table of a secure port to contain only one address, the workstation or server attached to that port is guaranteed the full bandwidth of the port. As part of securing the port, you can also define the size of the address table for the port.

Secured ports generate address-security violations under these conditions:

• The address table of a secured port is full and the address of an incoming packet is not found in the table.
• An incoming packet has a source address assigned as a secure address on another port.

Limiting the number of devices that can connect to a secure port has these advantages:

• Dedicated bandwidth: If the size of the address table is set to 1, the attached device is guaranteed the full bandwidth of the port.
• Added security: Unknown devices cannot connect to the port.

These options validate port security or indicate security violations:

Interface          Port to secure.
Security           Enable port security on the port.
Trap               Issue a trap when an address-security violation occurs.
Shutdown Port      Disable the port when an address-security violation occurs.
Secure Addresses   Number of addresses in the address table for this port. Secure ports have at least one address.
Max Addresses      Number of addresses that the address table for the port can contain.
Security Rejects   The number of unauthorized addresses seen on the port.

For the restrictions that apply to secure ports, see the "Avoiding Configuration Conflicts" section on page 9-7.

Defining the Maximum Secure Address Count

A secure port can have from 1 to 132 associated secure addresses. Setting one address in the MAC address table for the port ensures that the attached device has the full bandwidth of the port.

Enabling Port Security

Beginning in privileged EXEC mode, follow these steps to enable port security:

          Command               Purpose
Step 1    configure terminal    Enter global configuration mode.
Step 2    interface interface   Enter interface configuration mode for the port you want to secure.

7-10 Catalyst 2900 Series XL and Catalyst 3500 Series XL Software Configuration Guide 78-6511-08
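The two violation conditions and the Trap, Shutdown Port, Max Addresses and Security Rejects options described above can be traced with a small model. This is an added example, not code from the Cisco guide or from the switch software. The port names and MAC addresses are constructed, and two behaviours are assumptions: unknown addresses are learned while the table has room, and Security Rejects is counted per rejected frame.

```python
# Added illustration: a simplified model of a secure port, not Cisco IOS code.
MAX_LIMIT = 132  # from the page: 1 to 132 secure addresses per port

class SecurePort:
    def __init__(self, name, max_addresses=1, trap=True, shutdown=False):
        if not 1 <= max_addresses <= MAX_LIMIT:
            raise ValueError("Max Addresses must be between 1 and 132")
        self.name, self.max_addresses = name, max_addresses
        self.trap, self.shutdown = trap, shutdown
        self.secure_addresses = set()   # "Secure Addresses"
        self.security_rejects = 0       # "Security Rejects" (per frame: assumption)
        self.enabled = True
        self.traps = []                 # traps that would be issued

class Switch:
    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}

    def receive(self, port_name, src_mac):
        """Return 'forward', 'violation' or 'port-disabled' for one frame."""
        port, mac = self.ports[port_name], src_mac.lower()
        if not port.enabled:
            return "port-disabled"
        owned_elsewhere = any(mac in p.secure_addresses
                              for p in self.ports.values() if p is not port)
        if not owned_elsewhere:
            if mac in port.secure_addresses:
                return "forward"
            # Assumption: unknown addresses are learned while the table has room.
            if len(port.secure_addresses) < port.max_addresses:
                port.secure_addresses.add(mac)
                return "forward"
        # Violation: table full and address unknown, or address secure on another port.
        port.security_rejects += 1
        if port.trap:
            port.traps.append((port.name, mac))
        if port.shutdown:
            port.enabled = False
        return "violation"

def demo():
    # Constructed sample: hypothetical port names, documentation-range MACs.
    sw = Switch([SecurePort("Fa0/1", max_addresses=1, shutdown=True),
                 SecurePort("Fa0/2", max_addresses=2)])
    frames = [("Fa0/1", "00:00:5E:00:53:01"), ("Fa0/2", "00:00:5E:00:53:02"),
              ("Fa0/2", "00:00:5E:00:53:01"),  # secure on another port
              ("Fa0/1", "00:00:5E:00:53:03"),  # table full, unknown address
              ("Fa0/1", "00:00:5E:00:53:01")]  # port already shut down
    return [sw.receive(p, m) for p, m in frames], sw
```

With Shutdown Port set, the last frame shows the operational cost of a violation: the legitimate station on Fa0/1 loses connectivity until the port is re-enabled.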