Catalyst 2950 and Catalyst 2955 Switch Command Reference
78-15304-01
Chapter 2 Cisco IOS Commands
switchport port-security
Use the switchport port-security interface configuration command without keywords to enable port
security on an interface. Use the keywords to configure secure MAC addresses, a maximum number of
secure MAC addresses, or the violation mode. Use the no form of this command to disable port security
or to set the parameters to their default states.
switchport port-security [mac-address mac-address] | [mac-address sticky [mac-address]] |
[maximum value] | [violation {protect | restrict | shutdown}]
no switchport port-security [mac-address mac-address] | [mac-address sticky [mac-address]] |
[maximum value] | [violation {protect | restrict | shutdown}]
Syntax Description

mac-address mac-address
    (Optional) Specify a secure MAC address for the port by entering a
    48-bit MAC address. You can add additional secure MAC addresses
    up to the maximum value configured.

mac-address sticky [mac-address]
    (Optional) Enable the interface for sticky learning by entering only the
    mac-address sticky keywords. When sticky learning is enabled, the
    interface adds all secure MAC addresses that are dynamically learned
    to the running configuration and converts these addresses to sticky
    secure MAC addresses.
    Specify a sticky secure MAC address by entering the mac-address
    sticky mac-address keywords.
    Note: Although you can specify a sticky secure MAC address by
    entering the mac-address sticky mac-address keywords, we
    recommend using the mac-address mac-address interface
    configuration command to enter secure MAC addresses.

maximum value
    (Optional) Set the maximum number of secure MAC addresses for the
    interface. The range is from 1 to 132. The default is 1.

violation
    (Optional) Set the security violation mode or the action to be taken if
    port security is violated. The default is shutdown.

protect
    Set the security violation protect mode. When the number of secure
    MAC addresses reaches the maximum allowed on the port, packets with
    unknown source addresses are dropped until you remove a sufficient
    number of secure MAC addresses.

restrict
    Set the security violation restrict mode. In this mode, a port security
    violation restricts data and, depending on the type of secure address,
    sends a system log message, sends an SNMP trap, and causes the
    SecurityViolation counter to increment.

shutdown
    Set the security violation shutdown mode. In this mode, a port security
    violation causes the interface to immediately become error-disabled
    and turns off the port LED. When a secure port is in the error-disabled
    state, you can bring it out of this state by entering the errdisable
    recovery cause psecure-violation global configuration command, or
    you can manually re-enable it by entering the shutdown and no shutdown
    interface configuration commands.
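
The rules above (the command without keywords is what enables port security, maximum defaults to 1 within a range of 1 to 132, violation defaults to shutdown) can be checked against configuration text before it is applied. The following Python code is an added example, not part of the Cisco reference; the function name audit, the finding strings and the sample configuration are assumptions constructed for illustration.

```python
import re

# Defaults and range from the syntax description above.
DEFAULT_MAX, DEFAULT_VIOLATION, MAX_RANGE = 1, "shutdown", range(1, 133)
# Constructed sample configuration (not taken from a real switch).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0000.1111.2222
!
interface FastEthernet0/2
 switchport port-security maximum 200
 switchport port-security violation protect
!
interface FastEthernet0/3
 switchport port-security
 switchport port-security mac-address 0000.aaaa.0001
 switchport port-security mac-address 0000.aaaa.0002
"""

def audit(config):
    """Resolve effective port-security settings per interface; list findings."""
    ports, cur = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            cur = ports.setdefault(raw.split(None, 1)[1].strip(), dict(
                enabled=False, keywords=False, maximum=DEFAULT_MAX,
                violation=DEFAULT_VIOLATION, sticky=False, macs=[], findings=[]))
        elif not raw.startswith(" "):
            cur = None  # "!" or a global command ends the stanza
        m = re.match(r"switchport port-security(\s+.*)?$", raw.strip())
        if cur is None or not m:
            continue
        words = (m.group(1) or "").split()
        cur["enabled"] |= not words      # the bare command enables the feature
        cur["keywords"] |= bool(words)   # some keyword form was seen
        if words[:1] == ["maximum"] and words[1:2] and words[1].isdigit():
            cur["maximum"] = int(words[1])
        elif words[:1] == ["violation"] and len(words) == 2:
            cur["violation"] = words[1]
        elif words[:1] == ["mac-address"]:
            cur["sticky"] |= words[1:2] == ["sticky"]
            cur["macs"] += [w for w in words[1:] if w != "sticky"][:1]
    for p in ports.values():
        checks = [(p["keywords"] and not p["enabled"], "keywords set but port security not enabled"),
                  (p["maximum"] not in MAX_RANGE, "maximum outside 1-132"),
                  (len(p["macs"]) > p["maximum"], "more secure MAC addresses than maximum")]
        p["findings"] = [msg for bad, msg in checks if bad]
    return ports
```

On the sample, FastEthernet0/1 resolves to the defaults (maximum 1, violation shutdown) with sticky learning on, while FastEthernet0/2 and FastEthernet0/3 each produce findings.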