Cisco Switch: Port Security

Activate Port Security:

Switch(config)# interface f0/1
Switch(config-if)# switchport port-security

Restrict the number of MAC addresses allowed on the port:

Switch(config-if)# switchport port-security maximum 4

The access and voice VLANs can be restricted independently:

Switch(config-if)# switchport port-security maximum 4 vlan voice

Configure allowed MAC addresses statically:

Switch(config-if)# switchport port-security mac-address 0123.4567.89ab

Configure sticky MAC addresses:

Switch(config-if)# switchport port-security mac-address sticky

Set the action after violation:

Switch(config-if)# switchport port-security violation {protect | restrict | shutdown}

shutdown ... default; the port goes into the errdisable state, which blocks all traffic

protect ... traffic from allowed addresses is forwarded, other traffic is blocked

restrict ... same as protect, but additionally generates a syslog message and increments the violation counter

Configure errdisable recovery mode for port-security:

Switch(config)# errdisable recovery cause psecure-violation 
Switch(config)# errdisable recovery interval 120
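
Added example (not part of the original page): a small Python audit that reads a running-config and reports the effective port-security settings per interface. It catches a common mistake: sub-commands such as maximum or violation are configured, but the bare switchport port-security line that activates the feature is missing, so the port is not protected. The sample config is constructed, the function names are hypothetical, and the default maximum of 1 is standard IOS behaviour rather than something stated above.

```python
import re

# Constructed sample running-config (not from a real device).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 4
 switchport port-security violation restrict
 switchport port-security mac-address sticky
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security maximum 2
 switchport port-security violation protect
!
interface FastEthernet0/3
 switchport mode access
!
errdisable recovery cause psecure-violation
"""
PREFIX = "switchport port-security"

def parse_ports(config):
    """Map each interface to its effective port-security settings."""
    ports, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface (\S+)$", line)
        if m:  # IOS defaults: feature off, 1 MAC address, violation shutdown
            cur = ports[m.group(1)] = {"enabled": False, "maximum": 1,
                                       "violation": "shutdown", "sticky": False}
        elif not raw.startswith(" "):
            cur = None  # back at global configuration level
        elif cur is not None and line.startswith(PREFIX):
            args = line[len(PREFIX):].split()
            if not args:  # the bare command is what activates the feature
                cur["enabled"] = True
            elif args[0] == "maximum" and len(args) == 2:
                cur["maximum"] = int(args[1])  # per-VLAN limits are skipped
            elif args[0] == "violation" and len(args) == 2:
                cur["violation"] = args[1]
            elif args == ["mac-address", "sticky"]:
                cur["sticky"] = True
    return ports

def unprotected(config):
    """Interfaces on which port security is not actually active."""
    return sorted(n for n, p in parse_ports(config).items() if not p["enabled"])
```

On the sample, FastEthernet0/2 is reported as unprotected although it carries a maximum and a violation mode, because the activating command is absent.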

 

See also:

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_6_ea2c/configuration/guide/swgports.html

http://packetlife.net/blog/2010/may/3/port-security/