Technical Manual
Port Security
You can use the port security feature to limit and identify MAC addresses of the stations allowed to access the
port. This restricts input to an interface. When you assign secure MAC addresses to a secure port, the port
does not forward packets with source addresses outside the group of defined addresses. If you limit the
number of secure MAC addresses to one and assign a single secure MAC address, the workstation attached to
that port is assured the full bandwidth of the port. A security violation occurs when a port is configured as
a secure port, the maximum number of secure MAC addresses has been reached, and a station whose MAC
address differs from every identified secure MAC address attempts to access the port. A violation is also
flagged if a station with a secure MAC address configured or learned on one secure port attempts to access
another secure port. By default, the port shuts down when the maximum number of secure MAC
addresses is exceeded.
Note: When a Catalyst 3750 Switch joins a stack, the new switch receives the configured secure addresses.
All dynamic secure addresses are downloaded by the new stack member from the other stack members.
Refer to Configuration Guidelines for the guidelines on how to configure port security.
Here, the port security feature is shown configured on the FastEthernet 1/0/2 interface. By default, the
maximum number of secure MAC addresses for the interface is one. You can issue the show port-security
interface command in order to verify the port security status for an interface.
Port Security
Cat3750#show port-security interface fastEthernet 1/0/2
Port Security : Disabled
Port Status : Secure-down
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 0
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : 0000.0000.0000:0
Security Violation Count : 0
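Added example, not part of the original manual: a Python sketch that parses show port-security interface output like the listing above and reports the conditions an auditor would check (feature disabled, port shut down, violations recorded, secure MAC table full). The function names, the wording of the findings and the second sample are assumptions constructed for illustration.

```python
import re

# Constructed sample: the same fields as the page's output, but for an enabled
# port that has recorded a violation (values are illustrative, not from the page).
SAMPLE_VIOLATED = """\
Port Security : Enabled
Port Status : Secure-shutdown
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 1
Last Source Address:Vlan : 0011.2233.4455:10
Security Violation Count : 1
"""

def parse_port_security(text):
    """Turn 'Field : value' lines into a dict; prompt and blank lines are skipped."""
    fields = {}
    for line in text.splitlines():
        # Normalise the Unicode minus that some document extractions put in place of '-'.
        line = line.replace("\u2212", "-")
        # Require spaces around the separator so 'Last Source Address:Vlan' stays one key.
        m = re.match(r"^\s*(.+?)\s+:\s+(.*?)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def audit(fields):
    """Return the findings a reviewer would want raised for this port."""
    findings = []
    if fields.get("Port Security", "").lower() != "enabled":
        findings.append("port security is not enabled")
    if fields.get("Port Status", "").lower() == "secure-shutdown":
        findings.append("port is shut down after a violation")
    if int(fields.get("Security Violation Count", "0")) > 0:
        last = fields.get("Last Source Address:Vlan", "unknown")
        findings.append(f"violations recorded, last source {last}")
    total = int(fields.get("Total MAC Addresses", "0"))
    limit = int(fields.get("Maximum MAC Addresses", "0"))
    if limit and total >= limit:
        findings.append("secure MAC table is full; any new source violates")
    return findings
```

Run against the listing above, audit() returns a single finding: port security is not enabled on FastEthernet 1/0/2.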