How to configure port security on Cisco Catalyst switches that run Cisco IOS system software:
Use the port security feature to restrict input to an interface.
This feature limits and identifies MAC addresses of the workstations that can access the port.
When secure MAC addresses are assigned to a secure port, the port does not forward packets with source addresses outside the group of defined addresses.
If a secure port reaches the maximum number of secure MAC addresses, a security violation occurs when a workstation that attempts to access the port has a MAC address different from any of the identified secure MAC addresses.
To enable port security on an interface, issue the switchport port-security command.
Issue the show port-security command to view port-security settings for an interface or for the switch.
These are the guidelines to configure port security:
| A secure port cannot be a trunk port. | |
| A secure port cannot be an 802.1X port. | |
| A secure port cannot belong to an EtherChannel port-channel interface. | |
| A secure port and static MAC address configuration are mutually exclusive. | |
| A secure port cannot be a destination port for Switch Port Analyzer (SPAN). |
For step-by-step configuration procedures, refer to these documents:
| Cisco Refurbished Inventory Availability |
The Leader in Network Knowledge
