Port Security Window

This window is available for Catalyst 2900 XL, 2950, 3500 XL, and 3550 switches. It appears when you select Port > Port Security on the menu bar.

This window has these tabs:

  • Security Status
  • Secure Address

Begin by selecting, from the Host Name list, the device whose security settings you want to display.

Security Status

The columns in the table on this tab vary according to the selected device. The columns have these meanings.

| Column | Appears for... | Meaning |
|---|---|---|
| Static-Access Interface | Any selected device | Identifies static-access interfaces: FastEthernet, Gigabit Ethernet, ATM, the module or slot number (0, 1, 2), and port number. |
| Security | Any selected device | Shows whether port security is enabled. |
| Trap | Catalyst 2900 XL and 3500 XL only | Specifies a trap (alert) as the violation action. The trap is sent to the management station you defined as the trap manager in the SNMP Management window. |
| Shutdown | Catalyst 2900 XL and 3500 XL only | Specifies that the port will be disabled if a violation occurs. |
| Secure Address Count | Any selected device | Displays the number of secure addresses that are defined for the port. This field is read-only. You must configure a secure port with at least one address. |
| Maximum Secure Address Count | Any selected device | Modifies the number of secure addresses that can be associated with this port. You can enter a number from 1 to 132 for Catalyst 2900 XL, 2950, and 3500 XL switches and from 1 to 128 for Catalyst 3550 switches. Entering 1 means that one station has the full bandwidth of the port. By default, this field is set to the maximum number when security is enabled for the port. |
| Security Reject Count | Any selected device | Displays the number of unauthorized addresses that have arrived on this port. This field is read-only. When a secured port receives a packet with an address that is not associated with it, the switch does not forward the packet and can generate a trap or disable the port. |
| Action | Catalyst 2950 and 3550 only | Specifies the violation mode for the port as one of these: Shutdown (after a security violation, the port is shut down immediately); Restrict (after a security violation, a trap is sent to the network management station); Protect (when the number of secure addresses reaches the maximum allowed on the port, all packets with unknown addresses are dropped). |

To enable port security and define actions for address violations:

  1. Select one or more ports to modify.
    To select multiple ports, hold down the Ctrl key and click individual ports, or hold down the Shift key and select the first and last ports in a range.
  2. Click Modify to display the Port Security Configuration window.
  3. Complete the window.
  4. Click OK to put your changes into effect and to close the window.
  5. Click OK to close the Port Security window.

Note: To fully secure a port, you can disable flooding to the port from the Flooding Control window. To display this window, select Port > Flooding Controls.
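The three violation modes in the Action row of the Security Status table, modelled as a small simulation of one secured port. This is an added example, not Cisco code: the class, the function names and the trap list are hypothetical, the MAC addresses are constructed, and filling free slots by learning source addresses is an assumption the page does not state.

```python
from dataclasses import dataclass, field

# Upper bound for Maximum Secure Address Count, as given in the table.
MAX_LIMIT = {"2950": 132, "3550": 128}


@dataclass
class SecurePort:
    platform: str      # "2950" or "3550" (the platforms with an Action column)
    max_secure: int    # Maximum Secure Address Count
    action: str        # "shutdown", "restrict" or "protect"
    secure: set = field(default_factory=set)   # current secure addresses
    enabled: bool = True
    traps: list = field(default_factory=list)  # hypothetical stand-in for SNMP traps

    def __post_init__(self):
        if not 1 <= self.max_secure <= MAX_LIMIT[self.platform]:
            raise ValueError("maximum secure address count out of range")
        if self.action not in ("shutdown", "restrict", "protect"):
            raise ValueError("unknown violation action")

    def receive(self, src_mac: str) -> str:
        """Process one frame and return what the port did with it."""
        if not self.enabled:
            return "port-disabled"
        if src_mac in self.secure:
            return "forwarded"
        # Assumption (not stated on the page): free slots are filled by
        # learning the source address until the maximum is reached.
        if len(self.secure) < self.max_secure:
            self.secure.add(src_mac)
            return "forwarded"
        # Unknown address with the table full: the frame is never forwarded.
        if self.action == "shutdown":
            self.enabled = False
            return "dropped, port shut down"
        if self.action == "restrict":
            self.traps.append(src_mac)
            return "dropped, trap sent"
        return "dropped"  # protect: drop only


def replay(action: str, frames: list) -> list:
    """Run frames through a 3550 port limited to one secure address."""
    port = SecurePort("3550", max_secure=1, action=action)
    return [port.receive(mac) for mac in frames]


# Constructed sample traffic: a known station, an unknown one, the known one again.
FRAMES = ["0000.0c00.0001", "0000.0c00.0002", "0000.0c00.0001"]
```

Replaying `FRAMES` under each mode shows the operational difference: only Shutdown cuts off the legitimate station along with the violator, and only Restrict leaves a record at the management station.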

Secure Address

To add a secure address:

  1. Click the Secure Address tab.
  2. Click Create to display the Create Secure Address window.
  3. Complete the window.
    Your entry appears on the Secure Address tab.

To modify a secure address:

  1. Click the Secure Address tab.
  2. Select a secure address from the table.
  3. Click Modify to display the Modify Secure Address window.
  4. Complete the window.
    Your modified entry appears on the Secure Address tab.

To remove a secure MAC address from the Secure Address table, select the address and click Remove. To remove multiple secure addresses from the Secure Address tab, press Ctrl, select the addresses, and click Remove.

To clear the entire Secure Address table, click Clear All.