Port Security Window

This window is only available for Catalyst 2900 XL, 2950, and 3500 XL switches. It appears when you select Port > Port Security on the menu bar. Use it to check port security settings and to configure a secure port.

Begin by selecting, from the Host Name list, the device whose security settings you want to display.

Checking Port Security Settings

The columns in the Port Security table vary according to the selected device. The columns have these meanings.

| Column | Appears for... | Meaning |
| --- | --- | --- |
| Interface | Any selected device | Identifies the port: FastEthernet, Gigabit Ethernet, ATM, the module or slot number (0, 1, 2), and port number. |
| Security | Any selected device | Enables port security. |
| Trap | Catalyst 2900 XL and 3500 XL only | Specifies a trap (alert) as the violation action. The trap is sent to the management station you defined as the trap manager on the SNMP Management window. (Select Administration > SNMP Management.) |
| Shutdown | Catalyst 2900 XL and 3500 XL only | Specifies that the port will be disabled if a violation occurs. |
| Secure Address Count | Any selected device | Displays the number of secure addresses that are defined for the port. This field is read-only. You must configure a secure port with at least one address. You define secure addresses for the port in the MAC Addresses window. |
| Maximum Secure Address Count | Any selected device | Modifies the number of secure addresses that can be associated with this port. You can enter a number from 1 to 132 in this field; entering 1 means that one station has the full bandwidth of the port. By default, this field is set to 132 when security is enabled for the port. |
| Security Reject Count | Any selected device | Displays the number of unauthorized addresses that have arrived on this port. This field is read-only. When a secured port receives a packet with an address that is not associated with it, the switch does not forward the packet and can generate a trap or disable the port. |
| Action | Catalyst 2950 and 3550 only | Specifies the violation mode for the port as one of these: |
  • Shutdown. After a security violation, the port is shut down immediately.
  • Restrict. After a security violation, a trap is sent to the network management station.
  • Protect. When the number of secure addresses reaches the maximum allowed on the port, all packets with unknown addresses are dropped.
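
The three Action modes differ only in what happens once a packet with an unknown address reaches a port whose secure-address table is full. The Python model below is an added example, not Cisco code or part of the original help page; it replays the same traffic through each mode to show the resulting port state and counters. Assumptions: the class and function names are hypothetical, the MAC addresses are constructed, free slots are filled by learning source addresses, and every rejected frame increments the reject count.

```python
from dataclasses import dataclass, field

ACTIONS = ("shutdown", "restrict", "protect")

@dataclass
class SecurePort:
    """Toy model of one secured port; names are hypothetical."""
    action: str                  # violation mode from the Action column
    max_secure: int = 132        # Maximum Secure Address Count (page default)
    secure: set = field(default_factory=set)   # its size is Secure Address Count
    reject_count: int = 0        # Security Reject Count
    enabled: bool = True         # False once Shutdown has disabled the port
    traps: list = field(default_factory=list)  # traps sent to the trap manager

    def __post_init__(self):
        if self.action not in ACTIONS:
            raise ValueError(f"unknown action: {self.action}")
        if not 1 <= self.max_secure <= 132:
            raise ValueError("max_secure must be 1..132")

    def receive(self, src_mac: str) -> bool:
        """Process one frame; return True if the switch forwards it."""
        if not self.enabled:
            return False
        mac = src_mac.lower()
        if mac in self.secure:
            return True
        if len(self.secure) < self.max_secure:
            self.secure.add(mac)     # assumption: free slots are learned
            return True
        self.reject_count += 1       # assumption: counted per rejected frame
        if self.action == "shutdown":
            self.enabled = False
        elif self.action == "restrict":
            self.traps.append(mac)
        return False                 # never forwarded, whatever the action

def replay(action, frames, max_secure=1):
    """Feed frames to a fresh port; return (port, forwarded flags)."""
    port = SecurePort(action=action, max_secure=max_secure)
    return port, [port.receive(m) for m in frames]

# Constructed sample traffic (RFC 7042 documentation MAC addresses).
FRAMES = ["00:00:5e:00:53:01", "00:00:5e:00:53:02", "00:00:5e:00:53:01"]

if __name__ == "__main__":
    for action in ACTIONS:
        port, fwd = replay(action, FRAMES)
        print(action, fwd, port.enabled, port.reject_count, port.traps)
```

With a maximum of 1, Shutdown also cuts off the legitimate station after the violation, while Restrict and Protect keep forwarding its traffic; only Restrict leaves a trap for the management station.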

Configuring a Secure Port

To enable port security and define actions for address violations:

  1. From the Port Security table, select one or more ports to modify.
    To select multiple ports, hold down the Ctrl key and click individual ports, or hold down the Shift key and select the first and last ports in a range.
  2. Click Modify to display the Port Security Configuration window.
  3. Complete the window.
  4. Click OK to put your changes into effect and to close the window.
  5. Click OK to close the Port Security window.

Note: To fully secure a port, you can disable flooding to the port from the Flooding Control window. To display this window, select Port > Flooding Controls.