Switchport Port-Security Mac-Address
Sets the mac-address(es) that causes port-security violation.
Switch(config-if)#switchport port-security mac-address <h.h.h.h>
Switch(config-if)#switchport port-security mac-address sticky
Use sticky in conjunction with switchport port-security maximum to have the switch learn which mac-addresses to allow. For example,
if you set switchport port-security maximum 5, then the switch will learn and allow the first 5 mac addresses that connect to the interface.
Any new mac addresses beyond 5 will trigger a violation. Also note that, after rebooting, the switch has to relearn those 5 mac addresses.
In this example, the mac-address is set for port-security on int fa0/2.
SW3#conf t Enter configuration commands, one per line. End with CNTL/Z. SW3(config)#int fa0/2 SW3(config-if)#switchport port-security mac-address aaaa.bbbb.cccc
After connecting a device with a different mac to the interface, port violation is triggered and int fa0/2 is shut down.
SW3(config-if)# 00:55:59: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/2, putting Fa0/2 in err-disable state SW3(config-if)# 00:55:59: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 1234.5678.489d on port FastEthernet0/2. SW3(config-if)# 00:56:00: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down 00:56:01: %LINK-3-UPDOWN: Interface FastEthernet0/2, changed state to down