![switchport port security mac address sticky](https://media.cheggcdn.com/media/e34/s700x636/e349c478-4c12-47b2-85bf-110de712dd6a/image.png)

By default, all interfaces on a Cisco switch are turned on. That means that an attacker could connect to your network through a wall socket and potentially threaten your network. If you know which devices will be connected to which ports, you can use the Cisco security feature called port security. By using port security, a network administrator can associate specific MAC addresses with the interface, which can prevent an attacker from connecting a device. This way you can restrict access to an interface so that only the authorized devices can use it. If an unauthorized device is connected, you can decide what action the switch will take, for example discarding the traffic and shutting down the port.

To configure port security, three steps are required:

1. Define the interface as an access interface by using the `switchport mode access` interface subcommand.
2. Enable port security by using the `switchport port-security` interface subcommand.
3. Define which MAC addresses are allowed to send frames through this interface by using the `switchport port-security mac-address MAC_ADDRESS` interface subcommand, or use the `switchport port-security mac-address sticky` interface subcommand to dynamically learn the MAC address of the currently connected host.

Two further settings can then be defined:

1. Define what action the switch will take when receiving a frame from an unauthorized device by using the `switchport port-security violation` interface subcommand. All three options discard the traffic from the unauthorized device. The restrict and shutdown options send a log message when a violation occurs. Shutdown mode also shuts down the port.
2. Define the maximum number of MAC addresses that can be used on the port by using the `switchport port-security maximum NUMBER` interface subcommand.

Note: By default, when port security violations occur, the port discards any frames on that interface originating from violating MAC addresses.

For example, with the sticky option:

```
switchport port-security mac-address sticky
switchport port-security mac-address sticky 0006.5bbb.6972 vlan access
```

Here the MAC address for fa1/0/11 was added to the running config.

Notes: Without the sticky command, MAC addresses time out immediately. As soon as the Ethernet cable is unplugged, another computer may be plugged into the port.

![switchport port security mac address sticky](http://computeractivity.com/wp-content/uploads/2021/11/portsec42-1024x391.png)

The following example shows the configuration of port security on a Cisco switch. First, we need to enable port security and define which MAC addresses are allowed to send frames:

```
switchport port-security
switchport port-security aging time 15
switchport port-security mac-address sticky
switchport port-security mac-address sticky f02d.3f4e.2dcc
```

As you can see above, the switch has learned MAC address f02d.3f4e.2dcc, and from now on only this address will be allowed to connect to this port.

Next, by using the `show port-security interface fa0/1` command, we can see that the switch has learned the MAC address of host A. By default, the maximum number of allowed MAC addresses is one, so if we connect another host to the same port, a security violation will occur. The status code of err-disabled means that a security violation occurred on the port.
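
As an added example (not from the original page), the Python below audits a saved running-config against the three required port-security steps described on this page and flags the violation mode that discards traffic without logging. The sample config, the function names and the use of the IOS keyword `protect` for that mode are assumptions made for illustration.

```python
import re

# Constructed running-config excerpt (not from the page); Fa0/2 and Fa0/3 are incomplete on purpose.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky f02d.3f4e.2dcc
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security mac-address sticky
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security violation protect
!
interface GigabitEthernet0/1
 switchport mode trunk
!
"""

REQUIRED = ((1, "switchport mode access"), (2, "switchport port-security"))  # steps 1 and 2

def parse_interfaces(config):
    """Map each interface name to the list of indented sub-commands under it."""
    blocks = re.findall(r"^interface (\S+)\n((?: .*\n?)*)", config, re.M)
    return {name: [line.strip() for line in body.splitlines()] for name, body in blocks}

def audit_port_security(config):
    """Return {interface: [findings]} for non-trunk ports missing a required step."""
    report = {}
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode trunk" in cmds:
            continue  # the procedure on this page covers access interfaces only
        findings = [f"step {n} missing: {cmd}" for n, cmd in REQUIRED if cmd not in cmds]
        if not any(c.startswith("switchport port-security mac-address") for c in cmds):
            findings.append("step 3 missing: no static or sticky MAC address")
        if "switchport port-security violation protect" in cmds:
            findings.append("violation protect: frames dropped without a log message")
        if findings:
            report[name] = findings
    return report

if __name__ == "__main__":
    for port, findings in audit_port_security(SAMPLE_CONFIG).items():
        print(port, "->", "; ".join(findings))
```

Fa0/2 is the case worth noticing: the sticky command is present, but because `switchport port-security` itself is missing, the feature is not enabled on that port.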