Cisco 1900 IOS Configuration Commands
Remember that you can clear the entries with the command
clear mac-address-table [dynamic|permanent|restricted] [int-dest] [int-source]
Configuring Port Security
Applying port security is a way of stopping users from plugging a hub into
the jack in their office or cubicle and adding a bunch of hosts without your
knowledge. By default, 132 hardware addresses can be allowed on a single
switch interface. To change this, use the interface command port secure
max-mac-count.
The following switch output shows the command port secure max-mac-count
being set on interface 0/2 to allow only one entry.
Todd1900EN#config t
Enter configuration commands, one per line. End with CNTL/Z
Todd1900EN(config)#int e0/2
Todd1900EN(config-if)#port secure ?
max-mac-count Maximum number of addresses allowed on the port
<cr>
Todd1900EN(config-if)#port secure max-mac-count ?
<1-132> Maximum mac address count for this secure port
Todd1900EN(config-if)#port secure max-mac-count 1
The secured port or ports you create can use either static or sticky-learned
hardware addresses. If the hardware addresses on a secured port are not
statically assigned, the port sticky-learns the source address of incoming
frames and automatically assigns them as permanent addresses. The term
sticky-learns is what Cisco uses to describe how a port dynamically finds a
source hardware address and creates a permanent entry in the MAC filter table.
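The static and sticky-learned behavior described above, modeled as an added Python example (not code from the book or from Cisco). The names SecuredPort, normalize and replay and the sample addresses are constructed for illustration, and refusing and recording source addresses beyond the limit is an assumption, since this page does not describe what the switch does when the count is exceeded.

```python
from dataclasses import dataclass, field

def normalize(mac):
    """Canonical lower-case hex without separators, so formats compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

@dataclass
class SecuredPort:
    name: str
    max_mac_count: int = 132                        # default stated on this page
    permanent: list = field(default_factory=list)   # permanent MAC filter entries
    refused: list = field(default_factory=list)     # sources seen past the limit

    def __post_init__(self):
        if not 1 <= self.max_mac_count <= 132:      # range shown by the CLI help
            raise ValueError("max-mac-count must be 1-132")

    def add_static(self, mac):
        """Statically assign an address (assumption: it uses one slot)."""
        mac = normalize(mac)
        if mac not in self.permanent:
            if len(self.permanent) >= self.max_mac_count:
                raise ValueError("no free secure address slots")
            self.permanent.append(mac)

    def receive(self, src_mac):
        """Handle one incoming frame; return True if its source is allowed."""
        mac = normalize(src_mac)
        if mac in self.permanent:
            return True
        if len(self.permanent) < self.max_mac_count:
            self.permanent.append(mac)              # sticky-learned, now permanent
            return True
        if mac not in self.refused:                 # assumption: just record it
            self.refused.append(mac)
        return False

def replay(port, frames):
    """Feed source MACs to the port; return (permanent, refused) lists."""
    for src in frames:
        port.receive(src)
    return list(port.permanent), list(port.refused)

# Constructed sample: one PC (two notations), then two hosts behind a hub.
SAMPLE_FRAMES = ["00-A0-24-6E-0F-A8", "00a0.246e.0fa8", "00:10:7B:3A:11:02",
                 "00:10:7B:3A:11:03", "00:10:7B:3A:11:02"]
```

With max-mac-count set to 1 as in the output above, replaying SAMPLE_FRAMES leaves only the first PC in the permanent list, and the two hub-attached hosts end up in the refused list.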
Using the Show Version Command
You can use the show version command to view basic information about
the switch. This includes how long the switch has been running, the IOS
version, and the base MAC address of the switch.
This MAC address is important because if you lose your password, there
is no password recovery on the 1900 switch. You need to send Cisco this
Copyright ©2002 SYBEX, Inc., Alameda, CA
www.sybex.com