-
Software Configuration Guide (4.5)
-
Index - Software Config Guide, Cat 5000,4000,2926G,2926 (4.5)
-
About This Guide
-
Product Overview
-
Command-Line Interfaces
-
Configuring the Supervisor Engine Software
-
Configuring Ethernet & Fast Ethernet Switching
-
Configuring Gigabit Ethernet Switching
-
Configuring Fast EtherChannel and Gigabit EtherChannel
-
Configuring Spanning Tree
-
Configuring Spanning-Tree PortFast, UplinkFast,& BackboneFast
-
Configuring VTP
-
Configuring VLANs
-
Configuring VLAN Trunks on Fast Ethernet and Gigabit Ethernet Ports
-
Configuring Dynamic Port VLAN Membership with VMPS
-
Checking Port Status and Connectivity
-
Administering the Switch
-
Controlling Access to the Switch Using Authentication
-
Using Redundant Supervisor Engines
-
Modifying the Switch Boot Configuration
-
Working With the Flash File System
-
Working With System Software Images
-
Working With Configuration Files
-
Configuring System Message Logging
-
Configuring DNS
-
Configuring CDP
-
Configuring NTP
-
Configuring Broadcast/Multicast Suppression
-
Configuring Protocol Filtering
-
Configuring IP Permit List
-
Configuring Secure Port Filtering
-
Configuring SNMP
-
Configuring RMON
-
Configuring SPAN
-
Using Switch TopN Reports
-
Configuring the Network Analysis Module
-
Configuring Multicast Services
-
Configuring ATM LAN Emulation
-
Configuring ATM PVCs and PVCs with Traffic Shaping
-
Configuring Multiprotocol Over ATM
-
Configuring the ATM Fabric Integration Module
-
Configuring InterVLAN Routing
-
Maintaining and Administering the RSM
-
Configuring the Layer 3 Fabric Integration Module
-
Configuring Multilayer Switching
-
Configuring NetFlow Data Export
-
Configuring FDDI/CDDI Switching
-
Configuring FDDI 802.10 Trunks
-
Configuring Token Ring Switching
-
Configuring Token Ring Filters
-
Table Of Contents
Configuring Secure Port Filtering
Understanding How Secure Port Filtering Works
Secure Port Filtering Configuration Guidelines
Configuring Secure Port Filtering
Enabling Secure Port Filtering
Disabling Secure Port Filtering
Configuring Secure Port Filtering
This chapter describes how to configure secure port filtering on the Catalyst 5000, 4000, 2948G, 2926G, and 2926 series switches.
Note
For complete syntax and usage information for the commands used in this chapter, refer to the Command Reference for your switch.
This chapter consists of these sections:
•
•
•
Understanding How Secure Port Filtering Works
You can use secure port filtering to block input to an Ethernet or Fast Ethernet port when the Media Access Control (MAC) address of the station attempting to access the port is different from the MAC address specified for that port.
When a secure port receives a packet, the source MAC address of the packet is compared to the secure source address configured for the port. If the MAC address of the device attached to the port differs from the secure address, the port is disabled, the Link LED for that port turns orange, and a link-down trap is sent to the Simple Network Management Protocol (SNMP) manager.
You can specify the secure MAC address for the port manually or you can have the port dynamically learn the MAC address of the connected device. Once the address is specified or learned, it is stored in nonvolatile RAM (NVRAM) and maintained even after a reset.
Secure Port Filtering Configuration Guidelines
These guidelines apply when configuring secure port filtering:
•
•
Configuring Secure Port Filtering
These sections describe how to configure secure port filtering:
•
•
Enabling Secure Port Filtering
To enable secure port filtering, perform this task in privileged mode:
This example shows how to enable secure port filtering on a port using the learned MAC address on a port and verify the configuration:
Console> (enable) set port security 2/1 enablePort 2/1 port security enabled with the learned mac address.Trunking disabled for Port 2/1 due to Security ModeConsole> (enable) show port 2/1Port Name Status Vlan Level Duplex Speed Type----- ------------------ ---------- ---------- ------ ------ ----- ------------2/1 connected 522 normal half 100 100BaseTXPort Security Secure-Src-Addr Last-Src-Addr Shutdown Trap IfIndex----- -------- ----------------- ----------------- -------- -------- -------2/1 enabled 00-90-2b-03-34-08 00-90-2b-03-34-08 No disabled 1081Port Broadcast-Limit Broadcast-Drop-------- --------------- --------------2/1 - 0Port Align-Err FCS-Err Xmit-Err Rcv-Err UnderSize----- ---------- ---------- ---------- ---------- ---------2/1 0 0 0 0 0Port Single-Col Multi-Coll Late-Coll Excess-Col Carri-Sen Runts Giants----- ---------- ---------- ---------- ---------- --------- --------- ---------2/1 0 0 0 0 0 0 0Last-Time-Cleared--------------------------Fri Jul 10 1998, 17:53:38Console> (enable)This example shows how to enable secure port filtering on a port and manually specify the secure MAC address:
Console> (enable) set port security 2/1 enable 00-90-2b-03-34-08Port 2/1 port security enabled with 00-90-2b-03-34-08 as the secure mac addressTrunking disabled for Port 2/1 due to Security ModeConsole> (enable)Disabling Secure Port Filtering
To disable secure port filtering, perform this task in privileged mode:
Step 1
set port security mod_num/port_num disable
Step 2
show port [mod_num[/port_num]]
This example shows how to disable secure port filtering on a port:
Console> (enable) set port security 2/1 disablePort 2/1 port security disabled.Console> (enable)
