First set the port to an access port!
By default the port is in dynamic desirable mode (this means it negotiates with whatever device is connected, using DTP, and becomes a trunk or an access port depending on the other side!)
If you don’t set it to access port, you get the following message:
Linuxsource-Switch01> enable
Linuxsource-Switch01# configure terminal
Linuxsource-Switch01(config)# interface fastEthernet 0/1
Linuxsource-Switch01(config-if)# switchport port-security
Command rejected: FastEthernet0/1 is a dynamic port.
How to set the port to an access port:
Linuxsource-Switch01(config-if)# switchport mode access
Allow a maximum of 1 MAC address on the port:
Linuxsource-Switch01(config-if)# switchport port-security maximum 1
The violation mode tells the switch what to do when it detects a violation (a MAC address it is not allowed to see on the port). The modes are shutdown, restrict and protect; this page uses shutdown.
Shutdown = the port goes into the err-disabled state and stays down until an administrator re-enables it (shutdown followed by no shutdown on the interface, or errdisable recovery).
Then set the violation:
Linuxsource-Switch01(config-if)# switchport port-security violation shutdown
With maximum 1 this means that only 1 MAC address is allowed on the port!
As soon as the switch sees a frame from a second MAC address, the port is shut down.
Alternatively, configure the MAC address of the device connected to the port statically (example MAC 00-25-22-69-28-E3, as Windows shows it).
If you don't know it, look up the MAC address the switch has already learned on the port with show mac address-table interface fastEthernet 0/1, then configure it:
Linuxsource-Switch01(config-if)# switchport port-security mac-address 0025.2269.28e3
Windows and Cisco use different MAC address notation! Windows writes 00-25-22-69-28-E3 (dashes between bytes); Cisco IOS expects three dotted groups of four hex digits, 0025.2269.28e3.
Or use sticky learning instead. The switch then takes the MAC address it dynamically learns on that port (up to the configured maximum) and adds it to the running config as a secure sticky entry, so only that address is allowed from then on. Sticky addresses survive a reload only if you save the configuration.
How to set sticky and view you configuration:
Linuxsource-Switch01(config-if)# switchport port-security mac-address sticky
Linuxsource-Switch01(config-if)# do show running-config interface fa0/1
interface FastEthernet0/1
 switchport mode access
 switchport port-security mac-address sticky
You can't see violation shutdown and maximum 1 in the running config, because they are the default values, and default settings are not shown in the running config!
Then turn port-security on!
Linuxsource-Switch01(config-if)# switchport port-security
Save the config:
Linuxsource-Switch01(config-if)# end
Linuxsource-Switch01# copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Verify your configuration:
Linuxsource-Switch01# show port-security ?
  address    Show secure address
  interface  Show secure interface
Linuxsource-Switch01# show port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
--------------------------------------------------------------------
      Fa0/1              1            0                  0         Shutdown
--------------------------------------------------------------------
To view more detailed information, you can do the following:
Linuxsource-Switch01# show port-security interface fastEthernet 0/1
Port Security              : Enabled
Port Status                : Secure-down
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 0
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 0000.0000.0000:0
Security Violation Count   : 0
There is no device connected to fa0/1, which is why the output above is mostly empty: Port Status shows Secure-down and no MAC address has been learned yet. Once a device is connected and sends traffic, Total MAC Addresses (and Sticky MAC Addresses, if sticky is used) become 1, and after a violation Port Status changes to Secure-shutdown and the Security Violation Count increases. 🙂
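As an added example (my own code, not part of the original page), here is a small Python helper that ties the steps above together: it converts a MAC address from Windows or Linux notation into the dotted form Cisco IOS expects, emits the port-security configuration lines in the order used above (access mode first, so the "dynamic port" rejection cannot happen), and parses show port-security interface output to flag a port that has been shut down by a violation. The sample show output is constructed for the example with the same fields as the output above, and the function names are my own.

```python
import re

# Constructed sample inputs for this example (not taken from the page):
# the page's example MAC in Windows notation, and a second MAC in Linux notation.
WINDOWS_MAC = "00-25-22-69-28-E3"
LINUX_MAC = "00:25:22:69:28:e4"

VALID_VIOLATION_MODES = ("shutdown", "restrict", "protect")


def to_cisco_mac(mac):
    """Normalise a MAC written with dashes, colons, dots or no separators
    into the dotted H.H.H form Cisco IOS expects (e.g. 0025.2269.28e3)."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return f"{digits[0:4]}.{digits[4:8]}.{digits[8:12]}"


def port_security_config(interface, macs=(), sticky=False, maximum=1,
                         violation="shutdown"):
    """Return the interface-mode lines for the procedure on the page, in an
    order that works: access mode first (port-security is rejected on a
    dynamic port), then the limit and violation mode, then the secure MAC
    addresses (static and/or sticky), then enabling port-security itself."""
    if violation not in VALID_VIOLATION_MODES:
        raise ValueError(f"unknown violation mode: {violation!r}")
    if maximum < 1 or len(macs) > maximum:
        raise ValueError("maximum must be >= 1 and >= number of static MACs")
    lines = [
        f"interface {interface}",
        " switchport mode access",
        f" switchport port-security maximum {maximum}",
        f" switchport port-security violation {violation}",
    ]
    for mac in macs:
        lines.append(f" switchport port-security mac-address {to_cisco_mac(mac)}")
    if sticky:
        lines.append(" switchport port-security mac-address sticky")
    lines.append(" switchport port-security")
    return lines


# Constructed 'show port-security interface' output after a violation on a
# sticky port (same field layout as the page's output, values are invented).
SHOW_AFTER_VIOLATION = """\
Port Security              : Enabled
Port Status                : Secure-shutdown
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1
Last Source Address:Vlan   : 0025.2269.28e4:1
Security Violation Count   : 1
"""

# The separator is a colon surrounded by whitespace, so the key
# 'Last Source Address:Vlan' (which contains its own colon) stays intact.
FIELD_RE = re.compile(r"^(?P<key>.*?)\s+:\s+(?P<value>.*?)\s*$")


def parse_port_security_interface(text):
    """Parse 'show port-security interface <intf>' output into a dict."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            fields[m.group("key")] = m.group("value")
    return fields


def last_offender(fields):
    """Split 'Last Source Address:Vlan' into (mac, vlan)."""
    value = fields.get("Last Source Address:Vlan", "0000.0000.0000:0")
    mac, _, vlan = value.rpartition(":")
    return mac, int(vlan)


def port_needs_attention(fields):
    """True when the port was err-disabled by port-security or has recorded
    violations, i.e. an administrator must look at it (and do 'shutdown' /
    'no shutdown' on the interface to bring it back)."""
    count = int(fields.get("Security Violation Count", "0"))
    return fields.get("Port Status") == "Secure-shutdown" or count > 0


if __name__ == "__main__":
    print("\n".join(port_security_config("FastEthernet0/1", macs=[WINDOWS_MAC])))
    print("\n".join(port_security_config("FastEthernet0/2", sticky=True)))
    fields = parse_port_security_interface(SHOW_AFTER_VIOLATION)
    print("needs attention:", port_needs_attention(fields), last_offender(fields))
```

The generated lines can be pasted into configure terminal as they are; the parser is meant for output collected over SSH or from a log, and flags any port that is Secure-shutdown or has a non-zero violation count.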