Switch User Manual
CHAPTER
26-1
Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E
78-14099-04
26
Configuring Port Security
This chapter describes how to configure the port security feature. Release 12.1(13)E and later releases 
support the port security feature.
Note For complete syntax and usage information for the commands used in this chapter, refer to the 
Catalyst 6500 Series Switch Cisco IOS Command Reference publication.
This chapter consists of these sections:
 • Understanding Port Security, page 26-1
 • Default Port Security Configuration, page 26-2
 • Port Security Guidelines and Restrictions, page 26-2
 • Configuring Port Security, page 26-2
 • Displaying Port Security Settings, page 26-5
Understanding Port Security
You can use the port security feature to restrict input to an interface by limiting and identifying MAC 
addresses of the workstations that are allowed to access the port. When you assign secure MAC 
addresses to a secure port, the port does not forward packets with source addresses outside the group of 
defined addresses. If you limit the number of secure MAC addresses to one and assign a single secure 
MAC address, the workstation attached to that port is assured the full bandwidth of the port.
If a port is configured as a secure port and the maximum number of secure MAC addresses is reached, 
when the MAC address of a workstation attempting to access the port is different from any of the 
identified secure MAC addresses, a security violation occurs. If a workstation with a secure MAC that 
is address configured or learned on one secure port attempts to access another secure port, a violation is 
flagged. 
After you have set the maximum number of secure MAC addresses on a port, the secure addresses are 
included in an address table in one of these ways:
 • You can configure all secure MAC addresses by using the switchport port-security mac-address 
mac_address interface configuration command.
 • You can allow the port to dynamically configure secure MAC addresses with the MAC addresses of 
connected devices. 
 • You can configure a number of addresses and allow the rest to be dynamically configured. 










