Switchport Port-Security Mac-Address Command on CISCO Router/Switch

Command

Switchport Port-Security Mac-Address

Use

Sets the mac-address(es) that causes port-security violation.

Syntax

Switch(config-if)#switchport port-security mac-address <h.h.h.h>
Or
Switch(config-if)#switchport port-security mac-address sticky

Use sticky in conjunction with switchport port-security maximum to have the switch learn which mac-addresses to allow. For example,

if you set switchport port-security maximum 5, then the switch will learn and allow the first 5 mac addresses that connect to the interface.
Any new mac addresses beyond 5 will trigger a violation. Also note that, after rebooting, the switch has to relearn those 5 mac addresses.

Example

In this example, the mac-address is set for port-security on int fa0/2.

SW3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW3(config)#int fa0/2
SW3(config-if)#switchport port-security mac-address aaaa.bbbb.cccc

After connecting a device with a different mac to the interface, port violation is triggered and int fa0/2 is shut down.

SW3(config-if)#
00:55:59: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/2, putting Fa0/2 in err-disable state
SW3(config-if)#
00:55:59: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 1234.5678.489d on port FastEthernet0/2.
SW3(config-if)#
00:56:00: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down
00:56:01: %LINK-3-UPDOWN: Interface FastEthernet0/2, changed state to down

Related Articles

Leave a Reply

avatar