Filter
Top Products
17-7
Catalyst 2950 Desktop Switch Software Configuration Guide
78-11380-05
Chapter 17 Configuring Port-Based Traffic Control
Configuring Port Security
Port Security Configuration Guidelines
Follow these guidelines when configuring port security:
• Port security can only be configured on static access ports.
• A secure port cannot be a dynamic access port or a trunk port.
• A secure port cannot be a protected port.
• A secure port cannot be a destination port for Switch Port Analyzer (SPAN).
• A secure port cannot belong to a Fast EtherChannel or Gigabit EtherChannel port group.
• A secure port cannot be an 802.1X port.
• You cannot configure static secure MAC addresses in the voice VLAN.
• When you enable port security on a voice VLAN port, you must set the maximum allowed secure
addresses on the port to at least two. When the port is connected to a Cisco IP phone, the IP phone
requires two MAC addresses: one for the access VLAN and the other for the voice VLAN.
Connecting a PC to the IP phone requires additional MAC addresses.
Enabling and Configuring Port Security
Beginning in privileged EXEC mode, follow these steps to restrict input to an interface by limiting and
identifying MAC addresses of the stations allowed to access the port:
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
interface interface-id Specify the type and number of the physical interface to configure, for
example gigabitethernet0/1, and enter interface configuration mode.
Step 3
switchport mode access Set the interface mode as access; an interface in the default mode
(dynamic desirable) cannot be configured as a secure port.
Step 4
switchport port-security Enable port security on the interface.
Step 5
switchport port-security maximum
value
(Optional) Set the maximum number of secure MAC addresses for the
interface. The range is 1 to 132; the default is 1.