
You can use port security to block input to an Ethernet, Fast Ethernet, or Gigabit Ethernet port when the MAC address of the station attempting to access the port is different from any of the MAC addresses that are specified for that port. Alternatively, you can use port security to filter traffic that is destined to or received from a specific host, based on the host MAC address.

Allowing Traffic Based on the Host MAC Address

The total number of MAC addresses that can be specified per port is limited to the global resource of 1024 plus 1 default MAC address. Out of a maximum allocated number of MAC addresses on a port, you can manually configure all, allow all to be autoconfigured, or configure some manually and allow the rest to be autoconfigured. Once you manually configure or autoconfigure the addresses, they are stored in nonvolatile RAM (NVRAM) and are maintained after a reset. When you manually change the maximum number of MAC addresses that are associated with a port to a value greater than the default and then manually enter the authorized MAC addresses, any remaining MAC addresses are automatically configured. For example, if you configure the port security for a port to have a maximum of ten MAC addresses but add only two MAC addresses, the next eight new source MAC addresses that are received on that port are added to the secured MAC address list for the port.

After you allocate a maximum number of MAC addresses on a port, you can also specify how long the addresses on the port will remain secure. After the age time expires, the MAC addresses on the port become insecure. By default, all addresses on a port are secured permanently.

If a security violation occurs, you can configure the port to go either into shutdown mode or restrictive mode. The shutdown mode option allows you to specify whether the port is to be permanently disabled or disabled for only a specified time. The default is for the port to shut down permanently. The restrictive mode allows you to configure the port to remain enabled during a security violation and drop only packets that are coming in from insecure hosts.

When a secure port receives a packet, the source MAC address of the packet is compared to the list of secure source addresses that were manually configured or autoconfigured (learned) on the port.

Note: If you configure a secure port in restrictive mode, and a station is connected to the port whose MAC address is already configured as a secure MAC address on another port on the switch, the port in restrictive mode shuts down instead of restricting traffic from that station. For example, if you configure MAC-1 as the secure MAC address on port 2/1 and MAC-2 as the secure MAC address on port 2/2 and then connect the station with MAC-1 to port 2/2 when port 2/2 is configured for restrictive mode, port 2/2 shuts down instead of restricting traffic from MAC-1.
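The autoconfiguration and violation rules described on this page, modelled as an added Python example that is not part of the original Cisco documentation. The class and function names and the MAC labels are constructed for illustration; treating an address that is secure on another port as a violation even when the receiving port still has free slots is an assumption, and address aging and timed shutdown are left out.

```python
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    maximum: int                               # maximum secure MAC addresses on the port
    violation: str = "shutdown"                # "shutdown" (default) or "restrict"
    secure: set = field(default_factory=set)   # manually configured + autoconfigured
    enabled: bool = True

class Switch:
    def __init__(self):
        self.ports = {}

    def secure_port(self, name, maximum, violation="shutdown", macs=()):
        self.ports[name] = SecurePort(maximum, violation, set(macs))

    def receive(self, name, src_mac):
        """Compare a packet's source MAC with the port's secure list."""
        port = self.ports[name]
        if not port.enabled:
            return "port-down"
        if src_mac in port.secure:
            return "forward"
        # Is this address already a secure MAC address on another port?
        elsewhere = any(src_mac in p.secure
                        for p in self.ports.values() if p is not port)
        # Free slots below the maximum are autoconfigured (learned).
        if not elsewhere and len(port.secure) < port.maximum:
            port.secure.add(src_mac)
            return "learned"
        # Restrictive mode drops the insecure host only; a MAC that is secure
        # on another port shuts the port down even in restrictive mode.
        if port.violation == "restrict" and not elsewhere:
            return "dropped"
        port.enabled = False
        return "shutdown"

def demo():
    sw = Switch()                                # constructed sample setup
    sw.secure_port("2/1", maximum=1, macs=["MAC-1"])
    sw.secure_port("2/2", maximum=1, violation="restrict", macs=["MAC-2"])
    sw.secure_port("2/3", maximum=10, violation="restrict", macs=["MAC-A", "MAC-B"])
    out = {"unknown_host": sw.receive("2/2", "MAC-9"),
           "still_up": sw.receive("2/2", "MAC-2"),
           "moved_station": sw.receive("2/2", "MAC-1"),
           "after_move": sw.receive("2/2", "MAC-2")}
    seen = [sw.receive("2/3", f"MAC-N{i}") for i in range(9)]
    out["autoconfigured"] = seen.count("learned")
    out["over_maximum"] = seen[-1]
    return out
```

`demo()` replays the page's two examples: the MAC-1 station moved to restrictive port 2/2, and a port with a maximum of ten addresses of which two were entered manually.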

Monitoring Port Security. Understanding How Port Security Works. Configuring Port Security on the Switch.

Note: For complete syntax and usage information for the commands that are used in this chapter, refer to the Catalyst 4500 Series, Catalyst 2948G, Catalyst 2948G-GE-TX, and Catalyst 2980G Switches Command Reference.
