Administrator Guide

Layer 2 Switching Commands 299
server enable traps port-security command. The default action is to log a
message and send an SNMP trap. Port security can optionally error disable an
interface on which a violation occurs using the switchport port-security
violation shutdown command.
Sticky mode configuration converts all the existing dynamically learned MAC
addresses on an interface to sticky. This means that they will not age out and
will appear in the running-config. In addition, new addresses learned on the
interface will also become sticky. Note that sticky is not the same as static –
the difference is that all sticky addresses for an interface are removed from the
running-config when the interface is taken out of sticky mode. Static
addresses must be removed from the running-config individually.
Sticky MAC addresses appear in the running-config in the following form:
switchport port-security mac-address sticky 0011.2233.4455 vlan 33
Statically locked MAC addresses appear in the running-config in the
following form:
switchport port-security mac-address 0011.2233.4455 vlan 33
Port security must be enabled globally and on the interface in order to be
active.
Port security should only be enabled on access mode ports and not on trunk
mode ports.
The maximum number of dynamic MAC addresses per interface is 3000, subject to
the total MAC address limit supported by the switch. The maximum number of
static/sticky MAC addresses per interface is 40.
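The rules above can be checked offline against a saved running-config. The following Python audit is an added example, not part of this guide or of the switch software. It assumes that interface stanzas run from an "interface ..." line to "exit" and that trunk ports carry a "switchport mode trunk" line; the name audit and the sample config are constructed for illustration.

```python
import re

MAX_LOCKED = 40  # static/sticky limit per interface, from the guide
LOCK_RE = re.compile(r"^switchport port-security mac-address (sticky )?"
                     r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4} vlan \d+$", re.I)

def audit(config_text):
    """Return (global_enabled, {interface: [findings]})."""
    global_on, cur, state = False, None, {}
    for line in map(str.strip, config_text.splitlines()):
        if line.lower().startswith("interface "):
            name = line.split(None, 1)[1]
            cur = state.setdefault(name, dict(on=False, trunk=False, locked=0))
        elif line == "exit":
            cur = None                      # back in global configuration
        elif line == "switchport port-security" and cur is None:
            global_on = True                # global form of the command
        elif cur is None:
            continue                        # other global lines are ignored
        elif line == "switchport port-security":
            cur["on"] = True                # interface form of the command
        elif line == "switchport mode trunk":   # assumed line form
            cur["trunk"] = True
        elif LOCK_RE.match(line):           # sticky or static locked address
            cur["locked"] += 1
    findings = {}
    for name, s in state.items():
        issues = []
        if (s["on"] or s["locked"]) and not global_on:
            issues.append("inactive: port security not enabled globally")
        if s["locked"] and not s["on"]:
            issues.append("inactive: locked MACs, port security off on interface")
        if s["on"] and s["trunk"]:
            issues.append("port security enabled on a trunk mode port")
        if s["locked"] > MAX_LOCKED:
            issues.append(f"{s['locked']} static/sticky MACs, limit is {MAX_LOCKED}")
        if issues:
            findings[name] = issues
    return global_on, findings

# Constructed sample running-config; the stanza layout is an assumption.
SAMPLE = """switchport port-security
interface Gi1/0/3
switchport port-security
switchport port-security mac-address sticky 0011.2233.4455 vlan 33
exit
interface Gi1/0/4
switchport mode trunk
switchport port-security
exit"""
print(audit(SAMPLE))
```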
Command History
Updated in 6.3.0.1 firmware.
Example
Enable port security/MAC locking globally and on an interface.
console(config)#switchport port-security
console(config)#interface gi1/0/3
console(config-if-gi1/0/3)#switchport port-security
Enable port security/MAC locking globally and on an interface, enable sticky
mode on the interface and convert all dynamic addresses on the interface to
sticky.
console(config)#switchport port-security