Port security is a set of features on switches and routers that enforce certain security policies on a port, for example a limit on the number of MAC addresses learned on it.
The maximum-number-of-MAC-addresses policy can interfere with the operation of the Steelhead appliance: normally a link between a switch and a router has only two devices on it, so only two MAC addresses are seen. With an in-path device inserted in that link, the number of devices, and thus the number of MAC addresses seen by the router or switch, increases and can exceed the configured maximum.
On a Cisco switch or router, the status of port security can be seen with the command show port-security.
Figure 4.19. Port security show commands
    Switch# show port-security
    Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                    (Count)       (Count)          (Count)
    ---------------------------------------------------------------------------
          Gi0/1              1            1                  0         Protect
    ---------------------------------------------------------------------------
    Total Addresses in System (excluding one mac per port)     : 0
    Max Addresses limit in System (excluding one mac per port) : 1024

    Switch# sh port-security interface gi0/1
    Port Security              : Enabled
    Port Status                : Secure-up
    Violation Mode             : Protect
    Aging Time                 : 5 mins
    Aging Type                 : Absolute
    SecureStatic Address Aging : Disabled
    Maximum MAC Addresses      : 1
    Total MAC Addresses        : 1
    Configured MAC Addresses   : 0
    Sticky MAC Addresses       : 0
    Last Source Address        : 00a0.1234.5678
    Security Violation Count   : 0
Port security can be disabled for a particular interface with the interface command no switchport port-security.
The number of MAC addresses allowed on an interface can be changed with the interface command switchport port-security maximum <number>.
Figure 4.20. Port security configuration commands
    switch (config) # interface gig 0/1
    switch (config-if) # no switchport port-security
    switch (config-if) # switchport port-security maximum 3
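As an added example (not from the Riverbed guide and not a Cisco tool), the following Python script parses the summary table of show port-security output, flags the ports whose MAC limit cannot absorb the extra address(es) an in-path appliance introduces, and emits the corresponding switchport port-security maximum commands. The sample output and the extra_macs count are constructed assumptions, not values from a real deployment.

```python
import re
# Constructed sample "show port-security" summary output (not captured from a
# real device): Gi0/1 is already at its MAC limit, Gi0/2 still has headroom.
SAMPLE_OUTPUT = """\
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
      Gi0/1              1            1                  0         Protect
      Gi0/2              3            2                  0        Shutdown
---------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port)     : 1
"""

# One data row: port, max, current, violations, action (header and dash lines
# contain non-numeric fields in those positions and therefore never match).
ROW = re.compile(r"^\s*(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s*$")

def parse_port_security(text):
    """Return one dict per secure port found in the summary table."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            port, max_addr, cur, viol, action = m.groups()
            rows.append({"port": port, "max": int(max_addr),
                         "current": int(cur), "violations": int(viol),
                         "action": action})
    return rows

def check_in_path_headroom(rows, extra_macs=1):
    """Map port -> recommended 'switchport port-security maximum' value
    for ports whose limit cannot absorb the in-path appliance. extra_macs is
    an assumption: the number of extra source MACs the switch will see once
    the appliance is inserted. In Protect mode excess MACs are dropped
    silently, so a violation count of 0 does not prove the limit is adequate."""
    fixes = {}
    for r in rows:
        needed = r["current"] + extra_macs
        if needed > r["max"]:
            fixes[r["port"]] = needed
    return fixes

def render_config(fixes):
    """Emit the IOS interface commands shown above that raise each limit."""
    lines = []
    for port, n in sorted(fixes.items()):
        lines += [f"interface {port}",
                  f" switchport port-security maximum {n}"]
    return lines
```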