Port-security
Sometimes people like to bring an extra switch from home to the office.
As a result the Cisco switch will learn the MAC addresses of Computer A and
Computer B on its FastEthernet 0/1 interface.
Switches
Use show port-security interface to see the port security details per interface.
To get the interface out of err-disable state you need to type
“shutdown” followed by “no shutdown”.
Instead of typing in the MAC address ourselves we can also make the switch
learn a MAC address for port-security.
The sticky keyword will make sure that the switch uses the first MAC address that it
learns on the interface for port-security.
Violation Modes
Protect: Ethernet frames from MAC addresses that are not allowed will be
dropped, but you won't receive any logging information.
Restrict: Ethernet frames from MAC addresses that are not allowed will be
dropped, but you will see logging information and an SNMP trap is sent.
Shutdown: Ethernet frames from MAC addresses that are not allowed will
cause the interface to go to err-disable state. You will see logging information
and an SNMP trap is sent.
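
Added example (not from the original slides): a small Python audit that reads an IOS-style configuration and reports, per access port, whether port-security is enabled and which violation mode applies, flagging protect because it drops frames without logging. The sample configuration is constructed, the names parse_interfaces, audit_port_security and SAMPLE_CONFIG are hypothetical, and the script assumes the IOS behaviour that shutdown is the default violation mode and that only the bare switchport port-security command turns the feature on.

```python
import re

# Constructed sample running-config (not from the original slides).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security violation protect
interface FastEthernet0/3
 switchport mode access
 switchport port-security maximum 1
 switchport port-security violation restrict
interface GigabitEthernet0/1
 switchport mode trunk
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    blocks = re.findall(r"^interface (\S+)\n((?: .*\n?)*)", config, re.M)
    return {name: [c.strip() for c in body.splitlines()] for name, body in blocks}

def audit_port_security(config):
    """Return {interface: finding} for access ports; trunks are skipped."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode access" not in cmds:
            continue
        # The bare command enables the feature; sub-options alone do not.
        if "switchport port-security" not in cmds:
            findings[name] = "port-security not enabled"
            continue
        mode = "shutdown"  # IOS default when no violation line is present
        for cmd in cmds:
            m = re.fullmatch(r"switchport port-security violation (\w+)", cmd)
            if m:
                mode = m.group(1)
        if mode == "protect":
            findings[name] = "violation protect: drops frames without logging"
        else:
            findings[name] = "ok (violation %s)" % mode
    return findings

if __name__ == "__main__":
    for intf, finding in audit_port_security(SAMPLE_CONFIG).items():
        print(intf, "->", finding)
```

FastEthernet0/3 in the sample carries a maximum and a violation mode but never enables the feature, which is the misconfiguration this check is meant to catch.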