PG1X WIKI


Catalyst Port Security

ASW2(config-if)#do sh ver | i (Model number| WS-C2960)
cisco WS-C2960-8TC-L (PowerPC405) processor (revision A0) with 65536K bytes of memory.
Model number                    : WS-C2960-8TC-L
*    1 9     WS-C2960-8TC-L     15.0(2)SE8            C2960-LANBASEK9-M
ASW2(config-if)#do sh run int f0/3
Building configuration...

Current configuration : 416 bytes
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security maximum 2
 switchport port-security violation restrict
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky b827.eb41.c943
 switchport port-security mac-address sticky b827.eb8a.3719
 switchport port-security aging time 1
 switchport port-security aging type inactivity
 switchport port-security
end

With port security enabled, the secure MAC addresses show up in the CAM table as STATIC entries.

Disabling the port-security feature on the interface deletes these entries.

no mac address-table dynamic

has no effect on them. Only the following works:

no switchport port-security

Aging Time

Aging seems to affect dynamically learned secure addresses only.

The aging time value is in minutes, not seconds.

interface FastEthernet0/3
 switchport mode access
 switchport port-security maximum 2
 switchport port-security violation restrict
 switchport port-security aging time 1
 switchport port-security aging type inactivity
 switchport port-security
end

Sticky Learning

do sh mac address-table int f0/3
do sh run int f0/3 | i sticky

Unplug the Ethernet cable to b827.eb17.5d00, then:

no switchport port-security mac-address sticky b827.eb17.5d00
do sh mac address-table int f0/3
do sh run int f0/3 | i sticky
ASW2#show port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
      Fa0/3              2            2                300         Restrict
---------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port)     : 1
Max Addresses limit in System (excluding one mac per port) : 8192
ASW2#show port-security address
               Secure Mac Address Table
-----------------------------------------------------------------------------
Vlan    Mac Address       Type                          Ports   Remaining Age
                                                                   (mins)
----    -----------       ----                          -----   -------------
   1    b827.eb41.c943    SecureSticky                  Fa0/3        -
   1    b827.eb8a.3719    SecureSticky                  Fa0/3        -
-----------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port)     : 1
Max Addresses limit in System (excluding one mac per port) : 8192
ASW2#sh run int f0/3
Building configuration...

Current configuration : 416 bytes
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security maximum 2
 switchport port-security violation restrict
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky b827.eb41.c943
 switchport port-security mac-address sticky b827.eb8a.3719
 switchport port-security aging time 1
 switchport port-security aging type inactivity
 switchport port-security
end
ASW2#sh port-security int f0/3
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Restrict
Aging Time                 : 1 mins
Aging Type                 : Inactivity
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 2
Total MAC Addresses        : 2
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 2
Last Source Address:Vlan   : b827.eb41.c943:1
Security Violation Count   : 300
ASW2(config-if)#no switchport port-security aging time
ASW2(config-if)#^Z
ASW2#sh port-security int f0/3
*Mar  1 14:17:22.633: %SYS-5-CONFIG_I: Configured from console by console
ASW2#sh port-security int f0/3
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Restrict
Aging Time                 : 0 mins
Aging Type                 : Inactivity
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 2
Total MAC Addresses        : 2
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 2
Last Source Address:Vlan   : b827.eb41.c943:1
Security Violation Count   : 300
ASW2(config)#int f0/3
ASW2(config-if)#no swi
ASW2(config-if)#no switchport po
ASW2(config-if)#no switchport port-security mac
ASW2(config-if)#no switchport port-security mac-address sti
ASW2(config-if)#no switchport port-security mac-address sticky
ASW2(config-if)#do sh ru
ASW2(config-if)#do sh run int f0/3
Building configuration...

Current configuration : 212 bytes
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security maximum 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 switchport port-security
end
ASW2(config-if)#switchport port-security aging time 1
ASW2(config-if)#do sh run int f0/3
Building configuration...

Current configuration : 251 bytes
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security maximum 2
 switchport port-security violation restrict
 switchport port-security aging time 1
 switchport port-security aging type inactivity
 switchport port-security
end

ASW2(config-if)#switchport port-security aging time 2
ASW2#sh port-security address
               Secure Mac Address Table
-----------------------------------------------------------------------------
Vlan    Mac Address       Type                          Ports   Remaining Age
                                                                   (mins)
----    -----------       ----                          -----   -------------
   1    b827.eb8a.3719    SecureDynamic                 Fa0/3        2 (I)
-----------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port)     : 0
Max Addresses limit in System (excluding one mac per port) : 8192
ASW2#sh port-security int f0/3
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Restrict
Aging Time                 : 2 mins
Aging Type                 : Inactivity
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 2
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : b827.eb8a.3719:1
Security Violation Count   : 300

Connect the cable.

ASW2#sh port-security address
               Secure Mac Address Table
-----------------------------------------------------------------------------
Vlan    Mac Address       Type                          Ports   Remaining Age
                                                                   (mins)
----    -----------       ----                          -----   -------------
   1    b827.eb41.c943    SecureDynamic                 Fa0/3        2 (I)
   1    b827.eb8a.3719    SecureDynamic                 Fa0/3        2 (I)
-----------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port)     : 1
Max Addresses limit in System (excluding one mac per port) : 8192
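
An added example (not part of the original wiki page): a small Python parser for `show port-security address` output that separates secure MACs with a running aging timer from those without one, which is the sticky versus dynamic difference observed above. The sample text is constructed from the tables captured on this page, and the function names are hypothetical.

```python
import re

# Constructed sample input: rows copied from the two tables on this page
# (sticky learning enabled, then sticky disabled with aging time 2).
STICKY_OUTPUT = """\
Vlan    Mac Address       Type                          Ports   Remaining Age
                                                                   (mins)
----    -----------       ----                          -----   -------------
   1    b827.eb41.c943    SecureSticky                  Fa0/3        -
   1    b827.eb8a.3719    SecureSticky                  Fa0/3        -
"""
DYNAMIC_OUTPUT = """\
   1    b827.eb41.c943    SecureDynamic                 Fa0/3        2 (I)
   1    b827.eb8a.3719    SecureDynamic                 Fa0/3        2 (I)
"""

# One table row: vlan, dotted MAC, type, port, then "-" or "<mins> (I)".
ROW = re.compile(
    r"^[ \t]*(?P<vlan>\d+)[ \t]+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})[ \t]+"
    r"(?P<type>Secure\w+)[ \t]+(?P<port>\S+)[ \t]+"
    r"(?P<age>-|\d+)(?:[ \t]+\((?P<flag>I)\))?[ \t]*$",
    re.IGNORECASE | re.MULTILINE,
)

def parse_secure_addresses(text):
    """Return one dict per secure MAC row; age_mins is None when the column shows '-'."""
    rows = []
    for m in ROW.finditer(text):
        age = m.group("age")
        rows.append({
            "vlan": int(m.group("vlan")),
            "mac": m.group("mac").lower(),
            "type": m.group("type"),
            "port": m.group("port"),
            "age_mins": None if age == "-" else int(age),
            "inactivity": m.group("flag") is not None,  # "(I)" marker
        })
    return rows

def never_aging(rows):
    """MACs whose Remaining Age is '-', i.e. no aging timer is running for them."""
    return sorted(r["mac"] for r in rows if r["age_mins"] is None)

if __name__ == "__main__":
    for label, out in (("sticky", STICKY_OUTPUT), ("dynamic", DYNAMIC_OUTPUT)):
        rows = parse_secure_addresses(out)
        print(label, [(r["mac"], r["type"], r["age_mins"]) for r in rows])
        print("  no aging timer:", never_aging(rows))
```

Entries reported by `never_aging` stay bound to the port until they are removed by hand or port security is disabled, so they are the ones to review when a device is moved or retired.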

tech/network/catalyst-port-security/catalyst-port-security.1519131900.txt.gz · Last modified: 2018/02/20 22:05 by wnoguchi