Default
By default, this option is disabled.
Command Mode
Interface Configuration Mode.
Command Default Level
Level: 15.
Usage Guideline
When port security is enabled, the port automatically learns dynamic secured entries, which are subject to timeout. These entries are aged out based on the setting specified by the switchport port-security aging command.
When the port mode-security state is changed, the violation counts are cleared. When the port-security state is changed to disabled, the auto-learned secured entries and violation counts are cleared. When the maximum setting is changed, the auto-learned secured entries and violation counts are cleared.
A port-security enabled port has the following restrictions:
- If the port is a link aggregation member port, the port security function cannot be enabled.
When the maximum number of secured users is exceeded, one of the following actions can occur:
Protect - When the number of secure MAC addresses on the port reaches the maximum number of users allowed on the port, packets with an unknown source address are dropped until a secured entry is removed to free space.
Restrict - A port security violation restricts data and causes the security violation counter to increment.
Shutdown - The interface is disabled, based on errors, when a security violation occurs.
Example
This example shows how to configure port security so that a maximum of 5 secure MAC addresses are allowed on the port.
Switch# configure terminal
Switch(config)# interface Ethernet 1/0/1
Switch(config-if)# switchport port-security maximum 5
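
The following Python model is an added illustration, not part of the original manual or the switch firmware. It traces what the Usage Guideline describes when more hosts than the configured maximum send traffic, under each violation action. The class, method and function names are hypothetical, the MAC addresses are constructed, Restrict is assumed to drop the offending frame, and aging is represented only by an explicit release call.

```python
# Added illustration: a toy model of the port-security behaviour described above.
# All names are hypothetical; this is not a vendor API.

class PortSecurityModel:
    def __init__(self, maximum, violation="protect"):
        if violation not in ("protect", "restrict", "shutdown"):
            raise ValueError("unknown violation action: " + violation)
        self.maximum = maximum
        self.violation = violation
        self.secured = set()        # auto-learned secure MAC addresses
        self.violation_count = 0
        self.err_disabled = False

    def set_maximum(self, maximum):
        # Changing the maximum clears learned entries and violation counts.
        self.maximum = maximum
        self.secured.clear()
        self.violation_count = 0

    def release(self, mac):
        # A secured entry is removed (for example, aged out), freeing a slot.
        self.secured.discard(mac.lower())

    def receive(self, src_mac):
        """Return True if a frame from src_mac is forwarded, False if dropped."""
        mac = src_mac.lower()
        if self.err_disabled:
            return False            # interface is disabled: nothing passes
        if mac in self.secured:
            return True
        if len(self.secured) < self.maximum:
            self.secured.add(mac)   # learn while there is room
            return True
        # Table is full and the source is unknown: apply the violation action.
        if self.violation == "restrict":
            self.violation_count += 1   # assumption: frame is also dropped
        elif self.violation == "shutdown":
            self.err_disabled = True
        return False                # protect: silent drop


def simulate(violation, maximum=5, hosts=7):
    """Send one frame from each constructed MAC; return (forwarded, count, disabled)."""
    port = PortSecurityModel(maximum, violation)
    macs = ["00:00:5e:00:53:%02x" % i for i in range(hosts)]  # constructed samples
    forwarded = sum(port.receive(m) for m in macs)
    return forwarded, port.violation_count, port.err_disabled
```

With a maximum of 5 and seven sending hosts, only Restrict leaves a counter an operator can alert on, and only Shutdown also cuts off the hosts that were already learned.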