Switchport Port-Security Command on CISCO Router/Switch

Command

Switchport Port-Security

Use

Enables port security on an interface and sets default actions. The defaults are: max mac address is 1 and the violate action is shutdown the port.

Syntax

Switch(config-if)#switchport port-security

Example

In this example, port security is configured for int fa0/2 on SW3. Note that, since port-security will only work on interfaces in access mode,
the command switchport mode access is issued before enabling port-security.

SW3(config-if)#int fa0/2
SW3(config-if)#switchport mode access
SW3(config-if)#switchport port-security

Next, another device is connected to the port, which triggers a violation and causes fa0/2 to be shutdown.

SW3(config-if)#
00:20:30: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/2, putting Fa0/2 in err-disable state
SW3(config-if)#
00:20:30: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address aaaa.bbbb.cccc on port FastEthernet0/2.
SW3(config-if)#
00:20:31: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down
00:20:32: %LINK-3-UPDOWN: Interface FastEthernet0/2, changed state to down

Related Articles

Leave a Reply

avatar