Cisco Switch Port Security and Configuration simple guide

Cisco Switch Port Security and Configuration simple guide

The port security highlight to confine contribution to an interface by restricting and recognizing MAC locations of the workstations that are permitted to get to the port. When you appoint secure MAC delivers to a protected port, the port does not forward parcels with source addresses outside the gathering of characterized addresses. Port security is ordinarily arranged on ports that associate servers or workstation.

port security cisco netsecaddict

 Configuration Steps:

As per Cisco standard switch port is disabled by default, the switch port security disabled is impaired on all switch ports and must be enabled before configuration of switch port security.

If you to apply switch port security on switch its must be L2 switch interface is required.

Then you have to enable port security by operating the command and a scope of the interfaces on a switch or individual interfaces.

 “switchport port-security”

However you can determine what number of MAC be wont to to the switch can have on one interface at any given moment. The direction to arrange this is as per the following, “switchport port-security maximum N” (where N can be from 1 to 8192)

This evolution is additionally optional, however you can describe the move to make when a violation happens on that interface or interfaces. The default is to close down the interface or interfaces. The order to design this is as per the following “switch port-security violation {protect | restrict | shutdown}”

  • Protect – the activity however keeps the port up and does not send a SNMP message.
  • Restrict – the activity and sends a SNMP message yet keeps the port up
  • Shutdown – the activity sends a SNMP message and impairs the port. (This is the default conduct is no setting is determined.)

The command “switchport port-security mac-address value”. Use this command many times if you want to add extra than one MAC address.

portsecurity netsecaddict

If you want to configure MAC address dynamically using the “switchport port-security mac-address sticky” command.

Configuration Command:


We can view the default port security configuration with show port-security interface fastethernet 0/14


When a host connects to the switch port, the port learns the host’s MAC address as the first frame is received:


  • Now, we disconnect the host from the port, connect a small switch or hub, and reconnect the original host plus a second, unauthorized host so that they both attempt to share the access port. Observe what happens as soon as the second host attempts to send traffic:

%PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/14, putting Fa0/14 in err-disable state

%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address c409.38f5.1df3 on port FastEthernet0/14.

%LINEPROTO-5-UPDOWN:Line protocol on Interface FastEthernet0/14,changed state to down

%LINK-3-UPDOWN: Interface FastEthernet0/14, changed state to down



agree-hand-like-top-finger-thumb-up-ok-perfectIf  you are like this article please share it, Like it and Comment on blog if  any suggestion or query. 

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog at

Up ↑

%d bloggers like this: