Cisco WS-C3560E-24PD-E Command Reference - Page 665
switchport port-security
View all Cisco WS-C3560E-24PD-E manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 665 highlights
Chapter 2 Catalyst 3560 Switch Cisco IOS Commands switchport port-security switchport port-security Use the switchport port-security interface configuration command without keywords to enable port security on the interface. Use the keywords to configure secure MAC addresses, sticky MAC address learning, a maximum number of secure MAC addresses, or the violation mode. Use the no form of this command to disable port security or to set the parameters to their default states. switchport port-security [mac-address mac-address [vlan {vlan-id | {access | voice}}] | mac-address sticky [mac-address | vlan {vlan-id | {access | voice}}]] [maximum value [vlan {vlan-list | {access | voice}}]] no switchport port-security [mac-address mac-address [vlan {vlan-id | {access | voice}}] | mac-address sticky [mac-address | vlan {vlan-id | {access | voice}}]] [maximum value [vlan {vlan-list | {access | voice}}]] switchport port-security [aging] [violation {protect | restrict | shutdown}] no switchport port-security [aging] [violation {protect | restrict | shutdown}] Syntax Description aging mac-address mac-address vlan vlan-id vlan access vlan voice mac-address sticky [mac-address] maximum value (Optional) See the switchport port-security aging command. (Optional) Specify a secure MAC address for the interface by entering a 48-bit MAC address. You can add additional secure MAC addresses up to the maximum value configured. (Optional) On a trunk port only, specify the VLAN ID and the MAC address. If no VLAN ID is specified, the native VLAN is used. (Optional) On an access port only, specify the VLAN as an access VLAN. (Optional) On an access port only, specify the VLAN as a voice VLAN. Note The voice keyword is available only if voice VLAN is configured on a port and if that port is not the access VLAN. (Optional) Enable the interface for sticky learning by entering only the mac-address sticky keywords. When sticky learning is enabled, the interface adds all secure MAC addresses that are dynamically learned to the running configuration and converts these addresses to sticky secure MAC addresses. (Optional) Enter a mac-address to specify a sticky secure MAC address. (Optional) Set the maximum number of secure MAC addresses for the interface.The maximum number of secure MAC addresses that you can configure on a switch is set by the maximum number of available MAC addresses allowed in the system. This number is determined by the active Switch Database Management (SDM) template. See the sdm prefer command. This number represents the total of available MAC addresses, including those used for other Layer 2 functions and any other secure MAC addresses configured on interfaces. The default setting is 1. 78-16405-05 Catalyst 3560 Switch Command Reference 2-633