switchport port-security
• A secure port cannot belong to a Fast EtherChannel or Gigabit EtherChannel port group.
• You cannot configure static secure or sticky secure MAC addresses in the voice VLAN.
• When you enable port security on an interface that is also configured with a voice VLAN, you must set the maximum allowed secure addresses on the port to two plus the maximum number of secure addresses allowed on the access VLAN. When the port is connected to a Cisco IP phone, the Cisco IP phone requires up to two MAC addresses. The Cisco IP phone address is learned on the voice VLAN and might also be learned on the access VLAN. Connecting a PC to the Cisco IP phone requires additional MAC addresses.
• If any type of port security is enabled on the access VLAN, dynamic port security is automatically enabled on the voice VLAN. You cannot configure port security on a per-VLAN basis.
• When a voice VLAN is configured on a secure port that is also configured as a sticky secure port, all addresses on the voice VLAN are learned as dynamic secure addresses, and all addresses seen on the access VLAN to which the port belongs are learned as sticky secure addresses.
• You cannot configure static secure MAC addresses in the voice VLAN.
• When you enter a maximum secure address value for an interface, if the new value is greater than the previous value, the new value overrides the previously configured value. If the new value is less than the previous value and the number of configured secure addresses on the interface exceeds the new value, the command is rejected.
• The switch does not support port security aging of sticky secure MAC addresses.
A security violation occurs when the maximum number of secure MAC addresses are in the address table
and a station whose MAC address is not in the address table attempts to access the interface, or when a
station whose MAC address is configured as a secure MAC address on another secure port attempts to
access the interface.
If you enable port security on a voice VLAN port and if there is a PC connected to the IP phone, you
should set the maximum allowed secure addresses on the port to more than 1.
When a secure port is in the error-disabled state, you can bring it out of this state by entering the
errdisable recovery cause psecure-violation global configuration command, or you can manually
re-enable it by entering the shutdown and no shutdown interface configuration commands.
Setting a maximum number of addresses to one and configuring the MAC address of an attached device
ensures that the device has the full bandwidth of the port.
When you enter a maximum secure address value for an interface, this occurs:
• If the new value is greater than the previous value, the new value overrides the previously configured value.
• If the new value is less than the previous value and the number of configured secure addresses on the interface exceeds the new value, the command is rejected.
Note: Voice VLAN is supported only on access ports and not on trunk ports.
Catalyst 3750 Switch Command Reference, Chapter 2: Catalyst 3750 Switch Cisco IOS Commands (78-16181-01)
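The EtherChannel and voice VLAN guidelines above can be checked offline against a candidate configuration before it is pushed to a switch. The following Python audit is an added example, not part of the Cisco reference; the sample configuration, interface names, VLAN numbers, and the `access_max` parameter are constructed for illustration, and it assumes the IOS default of one secure address when no maximum is configured.

```python
import re

# Constructed sample config for illustration (not from the original page).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport voice vlan 20
 switchport port-security
!
interface GigabitEthernet1/0/2
 switchport voice vlan 20
 switchport port-security
 switchport port-security maximum 3
!
interface GigabitEthernet1/0/3
 switchport port-security
 channel-group 1 mode on
"""

def parse_interfaces(config):
    """Return {interface name: [indented sub-commands]}."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces

def audit(config, access_max=1):
    """Flag secure ports that break the guidelines; access_max is the number of
    secure addresses intended for the access VLAN (an assumption of this example)."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if "switchport port-security" not in cmds:
            continue  # port security is not enabled on this interface
        if any(c.startswith("channel-group ") for c in cmds):
            findings.append((name, "secure port in EtherChannel group"))
        maximum = 1  # IOS default when no maximum is configured
        for c in cmds:
            m = re.fullmatch(r"switchport port-security maximum (\d+)", c)
            if m:
                maximum = int(m.group(1))
        voice = any(c.startswith("switchport voice vlan ") for c in cmds)
        if voice and maximum < access_max + 2:
            findings.append((name, f"maximum {maximum}, need {access_max + 2}"))
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports the first interface (voice VLAN with the default maximum) and the third (secure port in a channel group); the second passes because its maximum of 3 equals two plus one access-VLAN address.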