Administrator Guide
Layer 2 Switching Commands 297
•
mac-address
— The static MAC address to be configured on the interface
and VLAN.
•
vlan-id
— The VLAN identifier on which to configure the MAC address.
•
dynamic
— Configure the maximum number of dynamic MAC addresses
that be be learned on the interface.
•
sticky
– Configure a sticky MAC address on the interface. If not given, a
statically locked MAC address is configured on the interface.
•
maximum
— Configure the maximum number of static MAC addresses
that may be configured on the interface.
•
violation
—Configure the interface to:
–
protect
—Protect the interface by discarding MAC frames that are not
learned (default) and issuing a log message and a trap.
–
shutdown
—Protect the interface by error disabling the interface and
issuing a log message and a trap.
Default Configuration
Port security is disabled by default.
No static or sticky MAC addresses are learned or configured by default.
The default number of dynamic MAC addresses per interface is 1. The
default number of static MAC addresses per interface is 1.
The maximum static MAC addresses per interface is 200 MAC addresses,
subject to the total MAC address limit supported by the system. The
maximum static/sticky MAC addresses per interface is 20.
Command Mode
Interface (physical and port-channel) Configuration mode.
Interface Range mode - Only when using switchport port-security syntax.
User Guidelines
Port security allows the network administrator to secure interfaces by
specifying (or learning) the allowable MAC addresses on a given port. Packets
with a matching source MAC address are forwarded normally. All other host
packets are discarded. Port security operates on access, trunk and general
mode ports.
2CSNXXX_SWUM204.book Page 297 Monday, January 25, 2016 1:25 PM