Gigabit Ethernet Switch Management Guide
A
UTHENTICATION
 C
OMMANDS
4-103
Default Setting 
Status: Disabled
Action: None
Maximum Addresses: 0
Command Mode 
Interface Configuration (Ethernet)
Command Usage 
• If you enable port security, the switch will stop dynamically learning 
new addresses on the specified port. Only incoming traffic with source 
addresses already stored in the dynamic or static address table will be 
accepted. 
• To use port security, first allow the switch to dynamically learn the 
<source MAC address, VLAN> pair for frames received on a port for 
an initial training period, and then enable port security to stop address 
learning. Be sure you enable the learning function long enough to 
ensure that all valid VLAN members have been registered on the 
selected port.
• To add new VLAN members at a later time, you can manually add 
secure addresses with the mac-address-table static command, or 
turn off port 
security to re-enable the learning function long enough 
for new VLAN members
 to be registered. Learning may then be 
disabled again, if desired, for security. 
• A secure port has the following restrictions: 
- Cannot use port monitoring. 
- Cannot be a multi-VLAN port. 
- Cannot be connected to a network interconnection device. 
- Cannot be a trunk port. 
• If a port is disabled due to a security violation, it must be manually 
re-enabled using the no shutdown command.










