Showing the current configuration before starting:
do show vlan brief do show mac address-table do show mac address-table int g0/1 do show port-security int g0/1
Setting up Port-Security on the interface G0/1:
int g0/1 switchport host switchport port-security max 1 switchport port-security violation protect OR switchport port-security violation restrict OR switchport port-security violation shutdown
- Protect
- Drop all packages from the sources that are not on the list and does not notify or alert the network administrators.
- Restrict
- Drop all packages from the sources that exceeds that maximum allowed and causes the SecurityViolation counter
to increment.
- Drop all packages from the sources that exceeds that maximum allowed and causes the SecurityViolation counter
- Shutdown
- Shutdown the port and send an SNMP notification. Has to be manually brought up or set an auto-recovery.
Then, enable the Port-Security.
switchport port-security
Setting up an auto-recovery to violated ports:
errdisable recovery cause psecure-violation errdisable recovery interval 600 do show errdisable recovery
Manually setting the MAC address allowed to a port:
switchport port-security mac-address FF:FF:FF:FF:FF:FF