Command:

set port security

Mode:

Switch> (enable)


Syntax:

set port security mod/port... [enable | disable] [mac_addr] [age {age_time}]
[maximum {num_of_mac}] [shutdown {shutdown_time}] [violation {shutdown | restrict}]


Syntax Description:

mod/port...

Variable that specifies the number of the module and the port on the module.

enable

(Optional) Keyword used to enable port security.

disable

(Optional) Keyword used to disable port security.

mac_addr

(Optional) Secure MAC address of the enabled port.

age age_time

(Optional) Keyword and variable that specify the duration for which addresses on the port will be secured; valid values are 0 (to disable) and from 1 to 1440 (minutes).

maximum num_of_mac

(Optional) Keyword and variable that specify the maximum number of MAC addresses to secure on the port; valid values are from 1 to 1025.

shutdown shutdown_time

(Optional) Keyword and variable that specify the duration for which a port will remain disabled in case of a security violation; valid values are 0 (to disable) and from 1 to 1440 (minutes).

violation

(Optional) Keyword that specifies the action to be taken in the event of a security violation.

shutdown

Keyword to shut down the port in the event of a security violation.

restrict

Keyword to restrict packets from unsecure hosts.

 


Command Description:

Use the set port security command set to configure port security on a port or range of ports.

If you enter the set port security enable command but do not specify a MAC address, the first MAC address seen on the port becomes the secure MAC address.

You can specify the number of MAC addresses to secure on a port. You can add MAC addresses to this list of secure addresses. The maximum number is 1024.

The set port security violation command allows you to specify whether you want the port to shut down or to restrict only the packets from insecure MAC addresses. The shutdown time allows you to specify the duration of shutdown in the event of a security violation.

We recommend that you configure the age timer and the shutdown timer if you want to move a host from one port to another when port security is enabled on those ports. If the age_time value is less than or equal to the shutdown_time value, the moved host will function again in an amount of time equal to the shutdown_time value. The age timer begins upon learning the first MAC address, and the disable timer begins when there is a security violation.

 


Example:

This example shows how to set port security with a learned MAC address:

Console> (enable) set port security 3/1 enable

Port 3/1 port security enabled with the learned mac address.

Console> (enable)

 

This example shows how to set port security with a specific MAC address:

Console> (enable) set port security 3/1 enable 01-02-03-04-05-06

Port 3/1 port security enabled with 01-02-03-04-05-06 as the secure mac address.

Console> (enable)

 

This example sets the shutdown time to 600 minutes on port 7/7:

Console> (enable) set port security 7/7 shutdown 600
Secure address shutdown time set to 600 minutes for port 7/7.
Console> (enable)

 

This example sets the port to drop all packets that are coming in on the port from insecure hosts:

Console> (enable) set port security 7/7 violation restrict
Port security violation on port 7/7 will cause insecure packets to be dropped.
Console> (enable)
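
The following is an added example, not part of the original Cisco reference: a small Python check that reads set port security lines from a saved configuration, validates each value against the ranges in the syntax description above, and reports the two behaviours the command description calls out (a learned secure address when no MAC is given, and the age_time/shutdown_time interaction). The function names, the finding wording, and the sample lines are assumptions made for illustration.

```python
import re

# Allowed values as given in the syntax description on this page.
ALLOWED = {"age": range(0, 1441), "maximum": range(1, 1026),
           "shutdown": range(0, 1441), "violation": ("shutdown", "restrict")}
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(-[0-9A-Fa-f]{2}){5}$")

def parse(line):
    """Parse one 'set port security' line into (port, settings, errors)."""
    tok = line.split()
    if tok[:3] != ["set", "port", "security"] or len(tok) < 4:
        raise ValueError("not a 'set port security' command: " + line)
    port, args, settings, errors = tok[3], tok[4:], {}, []
    i = 0
    while i < len(args):
        word, nxt = args[i], (args[i + 1] if i + 1 < len(args) else "")
        if word in ("enable", "disable"):
            settings["state"] = word
        elif MAC_RE.match(word):
            settings["mac"] = word
        elif word in ALLOWED:  # value is consumed here, so 'violation shutdown' != 'shutdown 600'
            value = int(nxt) if nxt.isdigit() else nxt
            if value in ALLOWED[word]:
                settings[word] = value
            else:
                errors.append(f"{word} {nxt or '<missing>'}: not a valid value")
            i += 1
        else:
            errors.append(f"unexpected token {word!r}")
        i += 1
    return port, settings, errors

def audit(lines):
    """Merge settings per port and return {port: [findings]}."""
    ports, findings = {}, {}
    for line in lines:
        port, settings, errors = parse(line)
        ports.setdefault(port, {}).update(settings)
        findings.setdefault(port, []).extend(errors)
    for port, s in ports.items():
        if s.get("state") == "enable" and "mac" not in s:
            findings[port].append("no MAC given: first MAC address seen becomes the secure address")
        age, shut = s.get("age", 0), s.get("shutdown", 0)
        if 0 < age <= shut:
            findings[port].append(f"age_time <= shutdown_time: a moved host functions again after {shut} minutes")
    return findings

# Constructed sample lines (not taken from a real switch).
SAMPLE = ["set port security 3/1 enable", "set port security 3/1 age 60 shutdown 600",
          "set port security 7/7 enable 01-02-03-04-05-06 maximum 2000 violation shutdown"]
```

Calling audit(SAMPLE) returns two findings for port 3/1 and one out-of-range finding for port 7/7.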

 


Misconceptions:

This command is not supported by the NAM.


Related Commands:

© Cisco Systems, Inc. 2001, 2002, 2003
World Wide Education
