Wednesday 3 February 2010

Port Security

In this post I will configure a port with port security in sticky mode (the port will learn the first MAC address it sees and keep it). I will then configure the switch to automatically re-enable the port 2 minutes after a security violation has shut it down.

Finally I will use some useful show commands to view the interface configuration and the state of the port, and to verify that the correct settings are in the running config.

switch1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
switch1(config)#interface fastEthernet 0/17
switch1(config-if)#switchport port-security
switch1(config-if)#switchport port-security mac-address sticky
switch1(config-if)#end


switch1(config)#errdisable recovery cause psecure-violation
switch1(config)#errdisable recovery interval 120

switch1#sh run interface fastEthernet 0/17
Building configuration...

Current configuration : 254 bytes
!
interface FastEthernet0/17
switchport access vlan 2
switchport mode access
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address sticky 001e.68ff.d35f
no ip address
spanning-tree portfast
end

switch1#show port-security interface fastEthernet 0/17
Port Security : Enabled
Port status : SecureUp
Violation mode : Shutdown
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 1
Aging time : 0 mins
Aging type : Absolute
SecureStatic address aging : Disabled
Security Violation count : 0

switch1#show port-security address
               Secure Mac Address Table
-------------------------------------------------------------------
Vlan    Mac Address       Type             Ports    Remaining Age
                                                       (mins)
----    -----------       ----             -----    -------------
   2    001e.68ff.d35f    SecureSticky     Fa0/17        -
-------------------------------------------------------------------
Total Addresses in System : 1
Max Addresses limit in System : 1024

switch1#show running-config | include errdisable
errdisable recovery cause psecure-violation
errdisable recovery interval 120
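The show commands above are easy to eyeball on one port, but when checking many access ports it helps to parse the output and test it against the intended state. The following is an added example (not from the original post, and not Cisco code): it parses the "show port-security interface" and "show running-config | include errdisable" output shown above, embedded here as constructed sample strings copied from the post, and flags settings that drift from what was configured (sticky, single MAC, shutdown on violation, recovery enabled).

```python
import re

# Constructed sample: the "show port-security interface" output from the post.
SAMPLE_INTERFACE = """\
Port Security : Enabled
Port status : SecureUp
Violation mode : Shutdown
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 1
Aging time : 0 mins
Aging type : Absolute
SecureStatic address aging : Disabled
Security Violation count : 0
"""

# Constructed sample: "show running-config | include errdisable" from the post.
SAMPLE_ERRDISABLE = """\
errdisable recovery cause psecure-violation
errdisable recovery interval 120
"""

def parse_port_security(text):
    """Turn 'Key : Value' lines into a dict; leading numbers become ints."""
    fields = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        num = re.match(r"^(\d+)", value)
        fields[key] = int(num.group(1)) if num else value
    return fields

def check_port_security(fields, expected_max=1):
    """Return findings; an empty list means the port matches the intended state."""
    findings = []
    if fields.get("Port Security") != "Enabled":
        findings.append("port-security not enabled")
    if fields.get("Violation mode") != "Shutdown":
        findings.append("violation mode is not shutdown")
    if fields.get("Maximum MAC Addresses", 0) > expected_max:
        findings.append("more MAC addresses allowed than expected")
    if fields.get("Sticky MAC Addresses", 0) != fields.get("Total MAC Addresses", 0):
        findings.append("learned addresses are not all sticky (lost on reload)")
    if fields.get("Security Violation count", 0) > 0:
        findings.append("violations have been recorded on this port")
    return findings

def errdisable_recovery_interval(config_text, cause="psecure-violation"):
    """Recovery interval in seconds if recovery is enabled for cause, else None."""
    if not re.search(rf"^errdisable recovery cause {re.escape(cause)}$", config_text, re.M):
        return None
    m = re.search(r"^errdisable recovery interval (\d+)$", config_text, re.M)
    return int(m.group(1)) if m else 300  # IOS default interval is 300 seconds
```

Feed the parser the output collected from each port (for example via a scripted SSH session) and review any port that returns a non-empty findings list.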