Configuring Port Security
Configuring Port Security on an Interface
To restrict traffic through a port by limiting and identifying MAC addresses of the stations allowed to
access the port, perform this task:
Step 1
Command: Switch(config)# interface interface_id
Purpose: Enters interface configuration mode and enters the physical interface to configure, for example gigabitethernet 3/1.

Step 2
Command: Switch(config-if)# switchport mode access
Purpose: Sets the interface mode as access; an interface in the default mode (dynamic desirable) cannot be configured as a secure port.

Step 3
Command: Switch(config-if)# switchport port-security
Purpose: Enables port security on the interface.

Step 4
Command: Switch(config-if)# switchport port-security maximum value
Purpose: (Optional) Sets the maximum number of secure MAC addresses for the interface. The range is 1 to 3072; the default is 1.

Step 5
Command: Switch(config-if)# switchport port-security violation {restrict | shutdown}
Purpose: (Optional) Sets the violation mode, the action to be taken when a security violation is detected, as one of these:
• restrict—A port security violation restricts data and causes the SecurityViolation counter to increment and an SNMP trap notification to be sent.
• shutdown—The interface is error-disabled when a security violation occurs.
Note: When a secure port is in the error-disabled state, you can bring it out of this state by entering the errdisable recovery cause psecure-violation global configuration command or you can manually reenable it by entering the shutdown and no shutdown interface configuration commands.

Step 6
Command: Switch(config-if)# switchport port-security limit rate invalid-source-mac
Purpose: Sets the rate limit for bad packets.

Step 7
Command: Switch(config-if)# switchport port-security mac-address mac_address
Purpose: (Optional) Enters a secure MAC address for the interface. You can use this command to enter the maximum number of secure MAC addresses. If you configure fewer secure MAC addresses than the maximum, the remaining MAC addresses are dynamically learned.

Step 8
Command: Switch(config-if)# switchport port-security mac-address sticky
Purpose: (Optional) Enables sticky learning on the interface.

Step 9
Command: Switch(config-if)# end
Purpose: Returns to privileged EXEC mode.

Step 10
Command: Switch# show port-security address interface interface_id
         Switch# show port-security address
Purpose: Verifies your entries.

Software Configuration Guide—Release 12.2(25)EW, Chapter 32
OL-6696-01
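
A pre-deployment lint for the procedure above, as an added example that is not part of the Cisco guide: it checks a candidate interface configuration against the constraints the steps state (access mode is required, the maximum must be in the range 1 to 3072 with a default of 1, and static secure addresses must not exceed the maximum). The sample configuration, the finding strings, and the function names are constructed for illustration.

```python
import re

# Constructed candidate configuration (interface names and MACs are made up).
SAMPLE = """\
interface GigabitEthernet3/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address 0000.1111.2222
interface GigabitEthernet3/2
 switchport port-security
 switchport port-security maximum 4000
interface GigabitEthernet3/3
 switchport mode access
 switchport port-security
 switchport port-security mac-address 0000.aaaa.0001
 switchport port-security mac-address 0000.aaaa.0002
"""
PS = "switchport port-security"

def parse_interfaces(config):
    """Map each interface name to the list of commands configured under it."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" separators and global commands end the block
    return interfaces

def lint(config):
    """Return {interface: [findings]}; an empty list means the port passes."""
    report = {}
    for name, cmds in parse_interfaces(config).items():
        findings = report.setdefault(name, [])
        if PS not in cmds:
            findings.append("port security not enabled")
            continue
        if "switchport mode access" not in cmds:
            findings.append("not in access mode")
        limits = [int(c.rsplit(" ", 1)[1]) for c in cmds if re.fullmatch(PS + r" maximum \d+", c)]
        maximum = limits[-1] if limits else 1  # guide: default maximum is 1
        if not 1 <= maximum <= 3072:
            findings.append("maximum outside 1-3072")
        static = [c for c in cmds if re.fullmatch(PS + r" mac-address [0-9a-f.]+", c)]
        if len(static) > maximum:
            findings.append("more static MACs than maximum")
    return report
```

Running `lint(SAMPLE)` passes GigabitEthernet3/1 and reports findings for the other two ports; a port with no `switchport port-security` line is reported as not enabled.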