Specifications
Command Line Interface
Default Setting
Status: Disabled
Action: None
Maximum Addresses: 0
Command Mode
Interface Configuration (Ethernet)
Command Usage
• If you enable port security, the switch will stop dynamically learning new
addresses on the specified port. Only incoming traffic with source addresses
already stored in the dynamic or static address table will be accepted.
• To use port security, first allow the switch to dynamically learn the <source
MAC address, VLAN> pair for frames received on a port for an initial training
period, and then enable port security to stop address learning. Be sure you
enable the learning function long enough to ensure that all valid VLAN
members have been registered on the selected port.
• To add new VLAN members at a later time, you can manually add secure
addresses with the mac-address-table static command, or turn off port
security to re-enable the learning function long enough for new VLAN members
to be registered. Learning may then be disabled again, if desired, for security.
• A secure port has the following restrictions:
- Cannot use port monitoring.
- Cannot be a multi-VLAN port.
- Cannot be connected to a network interconnection device.
- Cannot be a trunk port.
• If a port is disabled due to a security violation, it must be manually re-enabled
using the no shutdown command.
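The usage notes above can be traced with a small model. This is an added example, not code from the switch or its vendor: the class, method names, the "shutdown" action name and the MAC addresses are constructed for illustration. It shows that a locked port matches on the <source MAC, VLAN> pair, so a known MAC on another VLAN is rejected just like a host that missed the training period.

```python
# Model of the port-security behaviour described in the bullets above.
# Not switch firmware; class and action names are assumptions for illustration.

class SecurePort:
    def __init__(self, action="none"):
        self.action = action          # "none", "trap" or "shutdown" (names assumed)
        self.table = set()            # learned/static <source MAC, VLAN> pairs
        self.security = False         # default status: disabled
        self.up = True
        self.traps = []               # trap messages that would be sent

    def add_static(self, mac, vlan):
        """Manual entry, the role mac-address-table static plays on the switch."""
        self.table.add((mac.lower(), vlan))

    def no_shutdown(self):
        """A port disabled by a violation stays down until manually re-enabled."""
        self.up = True

    def receive(self, mac, vlan):
        """Return 'forward', 'drop' or 'port-down' for one incoming frame."""
        key = (mac.lower(), vlan)
        if not self.up:
            return "port-down"
        if key in self.table:
            return "forward"
        if not self.security:         # training period: learn the new pair
            self.table.add(key)
            return "forward"
        # Security enabled: learning has stopped, unknown pair is a violation.
        if self.action == "trap":
            self.traps.append(f"violation {key[0]} vlan {vlan}")
        elif self.action == "shutdown":
            self.up = False
        return "drop"


def demo():
    port = SecurePort(action="trap")
    results = [port.receive("00-11-22-33-44-55", 1)]       # learned in training
    port.security = True                                    # lock the table
    results.append(port.receive("00-11-22-33-44-55", 1))   # known pair
    results.append(port.receive("00-11-22-33-44-55", 2))   # same MAC, other VLAN
    results.append(port.receive("00-AA-BB-CC-DD-EE", 1))   # host that missed training
    port.add_static("00-AA-BB-CC-DD-EE", 1)                 # admin adds it later
    results.append(port.receive("00-AA-BB-CC-DD-EE", 1))
    return results, port.traps
```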
Example
The following example enables port security for port 5, and sets the response to a
security violation to issue a trap message:
Console(config)#interface ethernet 1/5
Console(config-if)#port security action trap
Related Commands
shutdown (3-104)
mac-address-table static (3-116)
show mac-address-table (3-117)










