21-15
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
78-17058-01
Chapter 21 Configuring Port-Based Traffic Control
Configuring Port Security
This example shows how to enable sticky port security on a port, to manually configure MAC addresses
for data VLAN, and to set the total maximum number of secure addresses to 10.
Switch(config)# interface FastEthernet0/1
Switch(config-if)# no shutdown
Switch(config-if)# switchport access vlan 21
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 10
Switch(config-if)# switchport port-security violation restrict
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# switchport port-security mac-address sticky 0000.0000.0002
Switch(config-if)# switchport port-security mac-address 0000.0000.0003
Switch(config-if)# switchport port-security maximum 10 vlan access
Enabling and Configuring Port Security Aging
You can use port security aging to set the aging time for all secure addresses on a port. Two types of
aging are supported per port:
• Absolute—The secure addresses on the port are deleted after the specified aging time.
• Inactivity—The secure addresses on the port are deleted only if the secure addresses are inactive for
the specified aging time.
Use this feature to remove and add devices on a secure port without manually deleting the existing secure
MAC addresses and to still limit the number of secure addresses on a port. You can enable or disable the
aging of secure addresses on a per-port basis.
Beginning in privileged EXEC mode, follow these steps to configure port security aging:
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
interface interface-id Specify the interface to be configured, and enter interface
configuration mode.
Step 3
no shutdown Enable the port, if necessary. By default, UNIs are disabled,
and NNIs are enabled.
