Use the following commands to configure port security on a Cisco switch:
The switch port must be an access port; otherwise port security cannot be applied to it.
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface fastEthernet 0/1
Switch(config-if)#switchport mode access
Enable port security on the port:
Switch(config-if)#switchport port-security
To limit the port to learning only one MAC address, set the maximum to 1:
Switch(config-if)#switchport port-security maximum 1
We can also make the learned MAC address sticky, so that the MAC address learned on the port is added to the running configuration of that port. Use the "mac-address sticky" command:
Switch(config-if)#switchport port-security mac-address sticky
If a port security violation occurs on the port, the switch can shut that port down automatically. To do so, set the violation mode to shutdown:
Switch(config-if)#switchport port-security violation shutdown
To view the port security configuration on the port, run this command:
Switch#show port-security interface fastEthernet 0/1
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 1
Last Source Address:Vlan : 0060.3EE1.8E52:20
Security Violation Count : 0
If a port violates port security, then according to the violation mode configured above the port goes into the error-disabled state. To make the port active again, enter interface configuration mode for that port, bring the port administratively down first, and then enable it again:
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface f0/1
Switch(config-if)#shutdown
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down
Switch(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to down
Switch(config-if)#end
Switch#
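
To check many ports without reading each "show port-security interface" output by eye, the fields shown above can be parsed and compared against this configuration. The following Python script is an added example, not part of the original page; the function names are hypothetical, the second sample is constructed, and "Secure-shutdown" is the Port Status value IOS reports for a port that port security has error-disabled.

```python
import re
# Output of "show port-security interface fastEthernet 0/1" as shown above.
SAMPLE_OK = """\
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 1
Last Source Address:Vlan : 0060.3EE1.8E52:20
Security Violation Count : 0
"""
# Constructed sample: the same port after a violation error-disabled it.
SAMPLE_VIOLATED = (SAMPLE_OK.replace("Secure-up", "Secure-shutdown")
                   .replace("Violation Count : 0", "Violation Count : 1"))

def parse_port_security(text):
    """Parse 'Field : value' lines; only the separator colon has spaces around it."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*(.+?)\s+:\s+(.*)", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields

def audit(fields, expected_max=1):
    """Return findings where the port deviates from the setup described above."""
    findings = []
    if fields.get("Port Security") != "Enabled":
        findings.append("port security is not enabled")
    if fields.get("Violation Mode") != "Shutdown":
        findings.append("violation mode is not shutdown")
    if int(fields.get("Maximum MAC Addresses", -1)) != expected_max:
        findings.append("maximum MAC addresses is not %d" % expected_max)
    if int(fields.get("Sticky MAC Addresses", 0)) == 0:
        findings.append("no sticky MAC address learned")
    if fields.get("Port Status") == "Secure-shutdown":
        findings.append("port is error-disabled: shutdown / no shutdown needed")
    if int(fields.get("Security Violation Count", 0)) > 0:
        mac, _, vlan = fields.get("Last Source Address:Vlan", ":").rpartition(":")
        findings.append("violation recorded, last source %s on VLAN %s" % (mac, vlan))
    return findings

if __name__ == "__main__":
    print(audit(parse_port_security(SAMPLE_VIOLATED)))
```

An empty list means the port matches the configuration on this page; any findings name the setting or state to look at.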