Skip Links

Network World

Brad Reese

How to configure port security on Cisco Catalyst switches

By Brad Reese on Mon, 02/25/08 - 6:36am.
Newsletter Signup

Cisco Catalyst Switch Port Security

How to configure port security on Cisco Catalyst switches that run Cisco IOS system software:

Use the port security feature to restrict input to an interface.

This feature limits and identifies MAC addresses of the workstations that can access the port.

When secure MAC addresses are assigned to a secure port, the port does not forward packets with source addresses outside the group of defined addresses.

If a secure port reaches the maximum number of secure MAC addresses, a security violation occurs when a workstation that attempts to access the port has a MAC address different from any of the identified secure MAC addresses.

To enable port security on an interface, issue the switchport port-security command.

Issue the show port-security command to view port-security settings for an interface or for the switch.

These are the guidelines to configure port security:

A secure port cannot be a trunk port.
A secure port cannot be an 802.1X port.
A secure port cannot belong to an EtherChannel port-channel interface.
A secure port and static MAC address configuration are mutually exclusive.
A secure port cannot be a destination port for Switch Port Analyzer (SPAN).

For step-by-step configuration procedures, refer to these documents:

Cisco Catalyst 2970 Switch

Cisco Catalyst 3550 Switch

Cisco Catalyst 3560 Switch

Cisco Catalyst 3750 Switch

Cisco Catalyst 4500 Switch

Cisco Catalyst 6500 Switch

Contact Brad Reese
http://www.BradReese.Com

Cisco Refurbished Inventory Availability
  
Welcome, visitor. Register Log in
Advertisement:
About Brad Reese on Cisco

Brad Reese cofounded BradReese.Com Cisco Refurbished which offers one year warranties on Cisco Refurbished and Cisco Repair.

Contact Brad Reese

Archives
July 2009
June 2009
May 2009
April 2009
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
Categories
1811 expands to 384Mbps of DRAM and 128Mbps of Flash
A UBS analyst is reporting that Cisco's losing market share across the board
A company's monthly network communications cost will be reduced
A government official in possession of a large corporate stockholding while that corporation is subject to administrative rulings by that same government official
Agito adds that its enterprise fixed mobile convergence (eFMC) platform enables low-cost in-building voice coverage
Agito introduced Agito for BlackBerry
Agito's BlackBerry smart phone functionality for Cisco VoIP
Agito's RIM BlackBerry support announcement
An assortment of communications companies
Apple iPhone 3G S
Apple will begin selling its new iPhone 3G S
Applying a Mask of 11111111.11111111.11111111.0000
Back in April the CCIE Security track changed
Before Cisco CTO Padmasree Warrior was hired by Cisco
Below are two addresses broken out from dotted decimal to binary and then redisplayed with dots separating octet boundaries
Bill Alderson - NetQoS Technology Consulting Officer
Black Hat attack on Cisco's network admission control (NAC)
Boas also led an educational session at the Gartner Security Summit
Boas shares his insight on the most prevalent threats to the enterprise network
Brings enterprise VoIP over WiFi for dual-mode BlackBerry smartphones
Careers
Certified by Cisco-Linksys technicians via Linksys ISO certification procedures
Chairman and CEO of Cisco China - Jim Sherriff
Cisco
Cisco 1811 IOS 12.4 with SDM is the standard for Cisco CCNA – Security Labs
Cisco 1811 is now standard on the Cisco CCIE Security Lab with IOS 12.4T
Cisco Flip Video Camera
Cisco NAC design flaws that the folks at Black Hat so alarmingly described
Cisco has produced a new CCIE count
Cisco has successfully made the market transition to selling refurbished Linksys directly to end users
Cisco is also offering its new home media ensemble
Cisco is celebrating its 25th anniversary this year
Cisco merged the Linksys channel partner program into Cisco's registered partner tier
Cisco only counts your CCIE number once
Cisco registered the shoplinksys.com domain name to sell refurbished Linksys
Cisco released its new worldwide CCIE count
Cisco sales plummeted $1.6 billion (Page 4) and operating income nose-dived $1 billion
Cisco shouldn’t until it works out the kinks
Cisco's executive biographies web page
Compromised the Cisco agent installed on the end system
Confirmation testimony before the U.S. Senate noteworthy
Customer-proven best practices of network access control (NAC)
DSL/Cable with the Cisco 1811 makes sense
Data Center
Desai previously served as Chief Operating Officer of Radware (NASDAQ: RDWR)
Didn’t RIM already support voice over WiFi?
Doesn’t RIM’s Ascendent acquisition give them this?
Dotted decimal addresses that end up falling under a non-octet boundary subnet mask
Dual CCIE #18532 Routing and Switching/Security - George Morton
Dual Cisco CCIE #18532 Security/R&S - George Morton
Dual-mode BlackBerry smartphones
During the first 9 months of Cisco's 2009 fiscal year under Warrior's leadership as CTO
Each eight bits being converted to decimal
Enables BlackBerry to be integrated into corporate PBXs and Unified Communications systems
Enterasys NAC is agent-less assessment based on a network scan
Enterasys security expert Dennis Boas
Enterasys uses multiple criteria beyond end system health assessment to assign and limit access granted to an end system
Enterprise concerns about the financial and management aspects of NAC
Enterprises that have standardized on the BlackBerry platform
FCC requires the old Bell System to report its T1 outage and that the repair needs to be under 4 hours for 95% of all T1 outages
Famous networking industry journalist
Feature allowing entry of a real address mask of your own to test if it is on the same or remote network
Flexible options with Enterasys NAC
HP and Liquid Computing
Half the smartphones in use in the US today are BlackBerry devices
How Cisco was working overtime AGAINST the Buy America provisions of the $7.2B broadband stimulus fund
How LiquidIQ Works
How useful do you find this subnet calculator?
I developed the Subnet Calculator to make learning more demonstrative and fun
I have worked for a handful of telecommunications companies of varying sizes
I voted for President Obama seeking change
In the subnet calculator the binary and the n
Interesting CCIE news from around the world
Internet access at the branch would run faster than traditional T1 services
Is Cisco getting ready to sell its refurbished gear directly to end users too?
Is George Morton on to something here?
It will kill the Cisco Flip video camera
Its been proven that a government official can be bribed with free dinners
Joel Bion - Senior Vice President of Cisco's Product Resiliency Research
LANs / WANs
Larry Strickling is confirmed as the new Administrator of the National Telecommunications and Information Administration (NTIA)
Last month Cisco missed the multiple CCIE numbers
Leaving Warrior with absolutely no future as the CTO of Motorola
Linksys by Cisco Certified Refurbished Product
Linksys by Cisco Wireless Home Audio System
Liquid Computing's definition of unified computing (LiquidIQ) is a flexible
LiquidIQ Business Continuity - Disaster Recovery Made Simple
LiquidIQ Technical Specifications
LiquidIQ Total Software Control - LiquidView Management
LiquidIQ can consolidate functions including web
LiquidIQ is the only UCS system that's listed by VMware to support VSphere
LiquidIQ is the only standards-based unified computing solution that’s in production today with paying customers
LiquidIQ was designed with built-in security
Made by Strickling during his March 19
Manny Rivelo - Senior Vice President of Cisco's Development Organization
Market failures for business class DSL/Cable is unacceptable
May 2009 vs. June 2009 Worldwide CCIE Count Comparison
Mobile features integrated into the BlackBerry
Morton believes with DSL/Cable services having up to 18Mbps of download availability
Morton's design would route all requests over the DMVPN-mGRE
Motorola operating earnings dropped $3.8 billion to a loss of $534 million
Motorola sales had collapsed by more than $4 billion (Page 1)
Multiple pipes with QoS for voice dedicated to one uplink and data services on the second link
My previous government service at the FCC provide me a unique background for the position of Assistant Secretary
NetQoS Subnet Calculator offers a view of every bit in the IP address to help network engineers understand how IP subnetting works
Network Management
Network World's Data Center Derby story acknowledged Liquid's first-mover advantage with its unified data center concept
Network performance management vendor NetQos
Network security vendor Enterasys
Nortel had purchased Alteon for $7.8 billion
Not too many senior executives are around from Cisco's early days
Omitted the years of Cisco service for both John Morgridge and Richard Justice because they are no longer full-time Cisco executives
Only 66% of all applicants who passed were for the CCIE Router and Switch track
Only one CCIE is a member of Cisco's 59 strong senior executive team
Pacific Rim CCIE numbers didn't change over the last 39 days
Pejman Roshan - Chief Marketing Officer of enterprise fixed mobile convergence (eFMC) vendor Agito Networks
Ponemon Institute reported
R & S + Security this year as the most popular dual CCIE track
R & S + Service Provider was 49% of the successful attempts for dual CCIE
RIM offers only data services over WiFi on their dual-mode smartphones
Radware recently purchased Nortel's application delivery business (Alteon) for the cut-rate price of $18 million
Refurbished product are mostly customer returns that meet original factory specifications
Refurbished product sold in the United States
Responsible for Cisco's IOS Software
SMB
Screenshot of the NetQoS Subnet Calculator
Security
Security mechanisms are used to validate the integrity and authenticity of the Enterasys agent for all server/agent communications
She was the CTO of Motorola and dismissed in her blog the introduction of the Apple iPhone
Showed that Stickling owned a large Cisco stock position
So we had 251 new CCIEs
Start by entering your address and mask in the calculator
Subject of Cisco's senior executive team came up
The Federal Reserve has moved from complex Cisco routers with T1 service to Cisco low end routers (ISR 1811) with DSL
The IOS 12.4 track with ISR routers is slowing down the Security CCIE track
The National Telecommunications and Information Administration (NTIA) granted Cisco its coveted Buy American Exception
The average tenure would be of the 61 executives listed on Cisco's Mount Rushmore
The change in the CCIE Security track has had a major impact on new security CCIEs
Until one takes some real addresses and experiments with how the mask affects the address bits
View Cisco's flash promotion for its home media ensemble
View more Cisco Tools
Vik Desai - President and Chief Executive Officer of unified computing infrastructure vendor - Liquid Computing
VoIP / Convergence
Warrior is now repeating her Motorola failure at Cisco
We're also now starting to see the CCIE Wireless track
We've experienced a new low for CCIE Security track
What exactly has Agito Networks announced this week?
What's your take on the implications of the new worldwide Cisco CCIE count?
Why is cellular-only PBX and UC integration incomplete?
Why the Enterasys NAC solution is doing so well
Why the Enterasys NAC solution is in such high demand
Wireless / Mobile
Within 9 months of the Apple iPhone introduction
On The Web
Twitter