Switch Port Security

The switchport security feature offers the ability to configure a switchport so that traffic can be limited to only a specific configured MAC address or list of MAC addresses.

There are three different types of secure MAC address:

  • Static secure MAC addresses—This type of secure MAC address is statically configured on a switchport and is stored in an address table and in the running configuration.
  • Dynamic secure MAC addresses—This type of secure MAC address is learned dynamically from the traffic that is sent through the switchport. These types of addresses are kept only in an address table and not in the running configuration.
  • Sticky secure MAC addresses—This type of secure MAC address can be manually configured or dynamically learned. These types of addresses are kept in an address table and in the running configuration.

Switch)# config t
Switch(config)# int fa0/18
Switch(config-if)# switchport port-security ?
aging Port-security aging commands
mac-address Secure mac address maximum
Max secure addresses violation Security violation mode

Switch(config-if)# switchport port-security
Switch(config-if)#^Z

The default settings of only allowing one MAC address, determining that MAC address from the first device that communicates on this switch port, and shutting down that switch port if another MAC address attempts to communicate via the port.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s