Tuesday, November 18, 2008

Switchport port security

In this post I show the configuration required to restrict access to port fa0/09 to 3 MAC addresses only. If further hosts try to connect, a syslog message is generated.


interface FastEthernet0/09
 switchport mode access
 switchport port-security
 ! limit the port to the three addresses listed below
 switchport port-security maximum 3
 ! restrict: generate a syslog message on a violation
 switchport port-security violation restrict
 switchport port-security mac-address 0040.7014.8ef0
 switchport port-security mac-address 00d0.144e.07bf
 switchport port-security mac-address 00e0.341c.7871
!
! send syslog messages to this host
logging 134.1.8.100


To verify the configuration, use the 'show port-security' commands.

SW3#show port-security int fa0/09 address
          Secure Mac Address Table
------------------------------------------------------------------------
Vlan    Mac Address       Type                Ports    Remaining Age
                                                          (mins)
----    -----------       ----                -----    -------------
   1    0040.7014.bef0    SecureConfigured    Fa0/10        -
   1    00d0.144e.07bf    SecureConfigured    Fa0/10        -
   1    00e0.341c.7871    SecureConfigured    Fa0/10        -
------------------------------------------------------------------------
Total Addresses: 3



SW3#show port-security int fa0/09
Port Security : Enabled
Port Status : Secure-down
Violation Mode : Restrict
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 3
Total MAC Addresses : 3
Configured MAC Addresses : 3
Sticky MAC Addresses : 0
Last Source Address:Vlan : 0000.0000.0000:0
Security Violation Count : 0
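
The verification step above can be scripted. The following Python sketch is an added example, not part of the original post: it compares the intended state (three addresses, restrict mode, port fa0/09) with text from the two 'show port-security' commands and lists any differences. The function names and the INTENDED structure are assumptions made for this example; the sample input is copied from the output shown above.

```python
import re

MAC_RE = re.compile(r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}", re.I)

def norm_port(name):
    """Map 'FastEthernet0/09', 'fa0/09' and 'Fa0/9' to the same key, 'fa0/9'."""
    m = re.match(r"([A-Za-z]{2})[A-Za-z]*([\d/]+)$", name.strip())
    if not m:
        raise ValueError(f"unrecognised interface name: {name!r}")
    return m.group(1).lower() + re.sub(r"\d+", lambda d: str(int(d.group())), m.group(2))

def parse_status(text):
    """'Key : Value' lines of 'show port-security int X' as a dict."""
    pairs = (line.partition(" : ") for line in text.splitlines())
    return {k.strip(): v.strip() for k, sep, v in pairs if sep}

def parse_table(text):
    """Rows of the secure address table as (mac, type, port) tuples."""
    rows = []
    for fields in map(str.split, text.splitlines()):
        if len(fields) >= 4 and fields[0].isdigit() and MAC_RE.fullmatch(fields[1]):
            rows.append((fields[1].lower(), fields[2], norm_port(fields[3])))
    return rows

def audit(intended, status, rows):
    """Return a list of differences between intended and reported state."""
    findings = []
    for key, want in (("Port Security", "Enabled"), ("Violation Mode", intended["mode"]),
                      ("Maximum MAC Addresses", str(intended["max"]))):
        if status.get(key) != want:
            findings.append(f"{key}: want {want}, got {status.get(key)}")
    seen = {mac for mac, _, _ in rows}
    findings += [f"configured MAC not in table: {m}" for m in sorted(intended["macs"] - seen)]
    findings += [f"unexpected MAC in table: {m}" for m in sorted(seen - intended["macs"])]
    for port in sorted({p for _, _, p in rows} - {intended["port"]}):
        findings.append(f"table entries on {port}, expected {intended['port']}")
    return findings

# Intended state as described in the post (three addresses, restrict mode, fa0/09).
INTENDED = {"port": norm_port("fa0/09"), "mode": "Restrict", "max": 3,
            "macs": {"0040.7014.8ef0", "00d0.144e.07bf", "00e0.341c.7871"}}
# Sample input: lines copied from the two 'show port-security' outputs in the post.
STATUS = "Port Security : Enabled\nViolation Mode : Restrict\nMaximum MAC Addresses : 3\n"
TABLE = ("1 0040.7014.bef0 SecureConfigured Fa0/10 -\n"
         "1 00d0.144e.07bf SecureConfigured Fa0/10 -\n"
         "1 00e0.341c.7871 SecureConfigured Fa0/10 -\n")

if __name__ == "__main__":
    for finding in audit(INTENDED, parse_status(STATUS), parse_table(TABLE)):
        print(finding)
```

Run against the lines shown above, it reports that the table holds 0040.7014.bef0 where 0040.7014.8ef0 was configured, and that the entries are listed on Fa0/10 rather than fa0/09.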
