Switchport Security


 * 1) Make the switch interface either a static access or trunk interface, using the switchport mode access or the switchport mode trunk interface subcommands, respectively.
 * 2) Enable port security using the switchport port-security interface subcommand.
 * 3) (Optional) Override the default maximum number of allowed MAC addresses associated with the interface (1) by using the switchport port-security maximum number interface subcommand.
 * 4) (Optional) Override the default action to take upon a security violation (shutdown) using the switchport port-security violation {protect | restrict | shutdown} interface subcommand.
 * 5) (Optional) Predefine any allowed source MAC address(es) for this interface, using the switchport port-security mac-address mac-address command. Use the command multiple times to define more than one MAC address.
 * 6) (Optional) Tell the switch to “sticky learn” dynamically learned MAC addresses with the switchport port-security mac-address sticky interface subcommand.



SW1# show running-config
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security mac-address 0200.1111.1111
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security
!
interface FastEthernet0/4
 switchport mode access
 switchport port-security
 switchport port-security maximum 8

 * Port security does not save sticky-learned addresses to the startup-config. They are added to the running-config only, so use the copy running-config startup-config command if you want to keep them.
 * The default maximum is one MAC address per interface.

SW1# show port-security interface fastEthernet 0/1
Port Security              : Enabled
Port Status                : Secure-shutdown
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 1
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 0013.197b.5004:1
Security Violation Count   : 1

SW1# show port-security interface fastEthernet 0/2
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 1
Sticky MAC Addresses       : 1
Last Source Address:Vlan   : 0200.2222.2222:1
Security Violation Count   : 0

SW1# show running-config
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0200.2222.2222
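
As an added example (not part of the original notes), the Python below parses the show port-security interface output shown above and reports ports that were shut down by a violation or that hold sticky-learned addresses. The function names parse and audit are hypothetical, and the sample is this page's own output abridged to the fields the checks use.

```python
import re
# Input: the two "show port-security interface" outputs from this page, abridged.
SAMPLE = """\
SW1# show port-security interface fastEthernet 0/1
Port Security              : Enabled
Port Status                : Secure-shutdown
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 0013.197b.5004:1
Security Violation Count   : 1
SW1# show port-security interface fastEthernet 0/2
Port Security              : Enabled
Port Status                : Secure-up
Sticky MAC Addresses       : 1
Last Source Address:Vlan   : 0200.2222.2222:1
Security Violation Count   : 0
"""

PROMPT = re.compile(r"^\S+#\s*show port-security interface\s+(.+)$")

def parse(text):
    """Return {interface: {field: value}} for each command output in text."""
    ports, fields = {}, None
    for line in map(str.strip, text.splitlines()):
        m = PROMPT.match(line)
        if m:
            fields = ports.setdefault(m.group(1), {})
        elif fields is not None and " : " in line:
            # Split once: the "Last Source Address:Vlan" value contains colons.
            key, value = line.split(" : ", 1)
            fields[key.strip()] = value.strip()
    return ports

def audit(ports):
    """Return (interface, finding) pairs worth a closer look."""
    out = []
    for name, f in ports.items():
        last = f.get("Last Source Address:Vlan", "unknown")
        if f.get("Port Security") != "Enabled":
            out.append((name, "port security is not enabled"))
        elif f.get("Port Status") == "Secure-shutdown":
            out.append((name, f"shut down by violation, last source {last}"))
        elif int(f.get("Security Violation Count", 0)) > 0:
            out.append((name, f"violations counted, last source {last}"))
        if int(f.get("Sticky MAC Addresses", 0)) > 0:
            out.append((name, "sticky addresses learned, save the running-config to keep them"))
    return out

if __name__ == "__main__":
    print(*(f"{n}: {m}" for n, m in audit(parse(SAMPLE))), sep="\n")
```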