14-3
Configuring and Monitoring Port Security
Port Security
• Static: Enables you to set a fixed limit on the number of MAC 
addresses authorized for the port and to specify some or all of the 
authorized addresses. (If you specify only some of the authorized 
addresses, the port learns the remaining authorized addresses from 
the traffic it receives from connected devices.)
• Configured: Requires that you specify all MAC addresses authorized 
for the port. The port is not allowed to learn addresses from inbound 
traffic.
■ Authorized (MAC) Addresses: Specify up to eight devices (MAC 
addresses) that are allowed to send inbound traffic through the port. This 
feature:
• Closes the port to inbound traffic from any unauthorized devices 
that are connected to the port.
• Provides the option for sending an SNMP trap notifying of an 
attempted security violation to a network management station 
and, optionally, disables the port. (For more on configuring the 
switch for SNMP management, see “Trap Receivers and Authen-
tication Traps” in the Management and Configuration Guide for 
your switch.)
■ Port Access: Allows only the MAC address of a device authenticated 
through the switch’s 802.1X Port-Based access control. Refer to chapter 
13, Configuring Port-Based and User-Based Access Control (802.1X).
For configuration details, refer to “Configuring Port Security” on page 14-12.
Eavesdrop Prevention
Configuring port security on a given switch port automatically enables Eaves-
drop Prevention for that port. This prevents use of the port to flood unicast 
packets addressed to MAC addresses unknown to the switch and blocks 
unauthorized users from eavesdropping on traffic intended for addresses that 
have aged-out of the switch’s address table. (Eavesdrop Prevention does not 
affect multicast and broadcast traffic; the switch floods these two traffic types 
out a given port regardless of whether port security is enabled on that port.) 
Disabling Eavesdrop Prevention
Traffic with an unknown destination address is blocked when port security is 
configured and Eavesdrop Prevention is enabled. You can disable Eavesdrop 
Prevention on ports where it may cause problems, such as on ports that are 
configured to use limited-continuous learning mode. See “Configuring Port 
Security” on page 14-12 for more information on learning modes.