Specifications
2-318
Catalyst 2950 and Catalyst 2955 Switch Command Reference
78-15304-01
Chapter 2 Cisco IOS Commands
switchport port-security
Defaults Port security is disabled.
When port security is enabled, if no keywords are entered, the default maximum number of secure MAC
addresses is 1.
Sticky learning is disabled.
The default violation mode is shutdown.
Command Modes Interface configuration
Command History
Usage Guidelines A secure port can have from 1 to 132 associated secure addresses. The total number of available secure
addresses on the switch is 1024.
After you set the maximum number of secure MAC addresses allowed on a port, you can add secure
addresses to the address table by manually configuring all of them, by allowing the port to dynamically
configure all of them, or by configuring a number of MAC addresses and allowing the rest to be
dynamically configured.
You can delete dynamic secure MAC addresses from the address table by entering the clear
port-security dynamic privileged EXEC command.
You can enable sticky learning on an interface by using the switchport port-security mac-address
sticky interface configuration command. When you enter this command, the interface converts all the
dynamic secure MAC addresses, including those that were dynamically learned before sticky learning
was enabled, to sticky secure MAC addresses. It adds all the sticky secure MAC addresses to the running
configuration.
You can delete a sticky secure MAC addresses from the address table by using the clear port-security
sticky mac-addr privileged EXEC command. To delete all the sticky addresses on an interface, use the
clear port-security sticky interface-id privileged EXEC command.
If you disable sticky learning, the sticky secure MAC addresses are converted to dynamic secure
addresses and are removed from the running configuration.
If you save the sticky secure MAC addresses in the configuration file, when the switch restarts or the
interface shuts down, the interface does not need to relearn these addresses. If you do not save the sticky
secure addresses, they are lost.
If you specify restrict or shutdown, use the snmp-server host global configuration command to
configure the Simple Network Management Protocol (SNMP) trap host to receive traps.
It is a security violation when one of these situations occurs:
• The maximum number of secure MAC addresses have been added to the address table, and a station
whose MAC address is not in the address table attempts to access the interface.
• An address learned or configured on one secure interface is seen on another secure interface in the
same VLAN.
Release Modification
12.1(6)EA2 This command was first introduced. It replaced the port security and
mac-address-table secure commands.
12.1(11)EA1 The mac-address sticky [mac-address] option was added.