PurposeCommand or Action
(Optional) vlan—sets a per-VLAN maximum value.
port-security mac-address
00:A0:C7:12:C9:25 vlan 3 voice
Enter one of these options after you enter the vlan keyword:
• vlan-id—On a trunk port, you can specify the VLAN ID and the MAC
address. If you do not specify a VLAN ID, the native VLAN is used.
• access—On an access port, specifies the VLAN as an access VLAN.
• voice—On an access port, specifies the VLAN as a voice VLAN.
The voice keyword is available only if a voice VLAN is configured
on a port and if that port is not the access VLAN. If an interface is
configured for voice VLAN, configure a maximum of two secure MAC
addresses.
Note
(Optional) Enables sticky learning on the interface.switchport port-security mac-address
sticky
Step 11
Example:
Switch(config-if)# switchport
port-security mac-address sticky
(Optional) Enters a sticky secure MAC address, repeating the command as
many times as necessary. If you configure fewer secure MAC addresses than
switchport port-security mac-address
sticky [mac-address | vlan {vlan-id |
{access | voice}}]
Step 12
the maximum, the remaining MAC addresses are dynamically learned, are
converted to sticky secure MAC addresses, and are added to the running
configuration.
Example:
Switch(config-if)# switchport
If you do not enable sticky learning before this command is entered,
an error message appears, and you cannot enter a sticky secure MAC
address.
Note
(Optional) vlan—sets a per-VLAN maximum value.
port-security mac-address sticky
00:A0:C7:12:C9:25 vlan voice
Enter one of these options after you enter the vlan keyword:
• vlan-id—On a trunk port, you can specify the VLAN ID and the MAC
address. If you do not specify a VLAN ID, the native VLAN is used.
• access—On an access port, specifies the VLAN as an access VLAN.
• voice—On an access port, specifies the VLAN as a voice VLAN.
The voice keyword is available only if a voice VLAN is configured
on a port and if that port is not the access VLAN.
Note
Specifies a MAC address that should be forbidden by port-security on the
particular interface.
switchport port-security mac-address
forbidden mac address
Example:
Switch(config-if)# switchport
Step 13
port-security mac-address forbidden
2.2.2
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
1490
How to Configure Port Security