Setting The Security Violation Action - Cisco WS-C2950SX-48-SI Configuration Manual

Catalyst 4500 series switches
Configuring Port Security on the Switch
This example shows how to enable MAC address notification globally, how to enable notification of
added and removed MAC addresses, and how to set the interval time between notifications:
Console> (enable) set cam notification enable
MAC address change detection globally enabled
Be sure to specify which ports are to detect MAC address changes
with the 'set cam notification [added|removed] enable command.
SNMP traps will be sent if 'set snmp trap enable macnotification' has been set.
Console> (enable) set cam notification historysize 300
MAC address change history log size set to 300 entries
Console> (enable) set cam notification added enable 3/1-4
MAC address change notifications for added addresses are
enabled on port(s) 3/1-4
Console> (enable) set cam notification removed enable 3/3-6
MAC address change notifications for removed addresses are
enabled on port(s) 3/3-6
Console> (enable) set cam notification interval 10
MAC address change notification interval set to 10 seconds
Console> (enable) show cam notification all
MAC address change detection enabled
CAM notification interval = 10 second(s).
MAC address change history log size = 300
MAC addresses added = 3
MAC addresses removed = 5
MAC addresses added overflowed = 0
MAC addresses removed overflowed = 0
MAC address SNMP traps generated = 0
Console> (enable) set snmp trap enable macnotification
SNMP MAC notification trap enabled.
Console> (enable)
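
The counters printed by show cam notification all can be checked by a monitoring job. The Python below is an added example, not part of the Cisco guide: it parses that output and reports conditions worth an alert. The function names and the reading of the "overflowed" counters as a sign of an undersized history log are assumptions of this example.

```python
import re

# Constructed sample: the 'show cam notification all' output shown above.
SAMPLE = """\
MAC address change detection enabled
CAM notification interval = 10 second(s).
MAC address change history log size = 300
MAC addresses added = 3
MAC addresses removed = 5
MAC addresses added overflowed = 0
MAC addresses removed overflowed = 0
MAC address SNMP traps generated = 0
"""

_FIELD = re.compile(r"^(?P<name>[A-Za-z ]+?)\s*=\s*(?P<value>\d+)")

def parse_cam_notification(text):
    """Return {'detection_enabled': bool, '<counter name>': int, ...}."""
    status = {"detection_enabled": False}
    for line in text.splitlines():
        line = line.strip()
        if line.lower().startswith("mac address change detection"):
            # Assumption: any wording other than "... enabled" means disabled.
            status["detection_enabled"] = line.split()[-1].lower() == "enabled"
            continue
        m = _FIELD.match(line)
        if m:
            status[m.group("name")] = int(m.group("value"))
    return status

def audit(status):
    """Return a list of findings a monitoring job could alert on."""
    findings = []
    if not status.get("detection_enabled"):
        findings.append("MAC address change detection is not enabled")
    changes = status.get("MAC addresses added", 0) + status.get("MAC addresses removed", 0)
    traps = status.get("MAC address SNMP traps generated", 0)
    if changes and traps == 0:
        # Changes were logged on the switch but nothing reached the SNMP manager.
        findings.append(f"{changes} MAC changes recorded but 0 SNMP traps generated; "
                        "check 'set snmp trap enable macnotification'")
    for key in ("MAC addresses added overflowed", "MAC addresses removed overflowed"):
        if status.get(key, 0) > 0:
            # Assumption: a non-zero overflow count means the history log is too small.
            findings.append(f"{key} = {status[key]}; history log may be too small")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_cam_notification(SAMPLE))))
```

Run against the sample, it reports that 8 MAC changes were recorded with no traps generated, which matches the transcript: the trap was only enabled after the show command.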

Setting the Security Violation Action

You can set a port to the following two modes to handle a security violation:
Shutdown—Shuts down the port permanently or for a specified time. Permanent shutdown is the default mode.
Restrict—Drops all packets from insecure hosts, but remains enabled.
To set the security violation action to be taken, perform this task in privileged mode:
Task: Set the security violation action on a port.
Command: set port security mod_num/port_num violation {shutdown | restrict}
This example sets the port to drop all packets that are coming in on the port from insecure hosts:
Console> (enable) set port security 4/7 violation restrict
Port security violation on port 4/7 will cause insecure packets to be dropped.
Console> (enable)
Note
If you restrict the number of secure MAC addresses on a port to one, and additional hosts attempt to
connect to that port, port security prevents these additional hosts from being connected to that port and
to any other port in the same VLAN for the duration of the VLAN aging time. By default, the VLAN
aging time is 5 minutes. If a host is blocked from joining a port in the same VLAN as the secured port,
allow the VLAN aging time to expire before you attempt to connect the host to the port again.
Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide, Release 8.1
Chapter 16, Configuring Port Security (78-15486-01)
