Cisco - Port-Security

Port-security only allows a limited number of MAC addresses on a switch port.

There are 3 violation modes for port-security. All of them drop frames from new (unknown) MAC addresses once the limit is reached; they differ in what else happens:

Protect:
  - Frames from new MAC addresses are dropped
  - Dropped frames are not logged
  - Dropped frames do not count as a security violation

Restrict:
  - Frames from new MAC addresses are dropped
  - Dropped frames are logged
  - Dropped frames count as a security violation

Shutdown:
  - Frames from new MAC addresses are dropped
  - Dropped frames are logged
  - Dropped frames count as a security violation
  - A dropped frame puts the port in SHUTDOWN (err-disabled state)


Sticky mode makes the switch remember the learned MAC addresses, even when you reboot the switch!

Example 1 - standard port configuration:

interface FastEthernet0/1
  ! port-security is only accepted on a static access port
  switchport mode access
  switchport port-security
  switchport port-security maximum 1
  switchport port-security violation <protect|restrict|shutdown>
  switchport port-security mac-address sticky

Example 2 - release a locked port after 15 minutes (900 seconds):

! Enable recovery from a locked port
errdisable recovery cause psecure-violation
!
! Recovery will happen after 900 seconds (15 min).
errdisable recovery interval 900
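As an added illustration (not part of the original notes): a small Python model of the three violation modes from the table above, combined with the errdisable recovery interval from Example 2. The class, its method names and the sample MAC addresses are constructed for this example; they are not Cisco code.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set

ERR_DISABLED = "dropped, port err-disabled"


@dataclass
class PortSecurity:
    """One switch port with port-security, modelled after the mode table above."""
    maximum: int = 1
    violation: str = "shutdown"              # protect | restrict | shutdown
    recovery_interval: Optional[int] = None  # errdisable recovery interval (s)
    learned: Set[str] = field(default_factory=set)  # secured (sticky) MACs
    violations: int = 0                      # "security violation" counter
    log: List[str] = field(default_factory=list)    # syslog-style messages
    err_disabled_at: Optional[int] = None    # time the port was shut down

    def __post_init__(self) -> None:
        if self.violation not in ("protect", "restrict", "shutdown"):
            raise ValueError(f"unknown violation mode: {self.violation}")

    def receive(self, src_mac: str, now: int = 0) -> str:
        """Process one frame arriving at time `now`; return what happened to it."""
        if self.err_disabled_at is not None:
            # errdisable recovery: bring the port back once the interval expired
            recoverable = (self.recovery_interval is not None
                           and now - self.err_disabled_at >= self.recovery_interval)
            if not recoverable:
                return ERR_DISABLED
            self.err_disabled_at = None
            self.log.append(f"{now}: port recovered from err-disable")
        if src_mac in self.learned:
            return "forwarded"
        if len(self.learned) < self.maximum:
            self.learned.add(src_mac)            # sticky learning
            return "forwarded"
        # Over the maximum: this is a violation; what happens depends on the mode
        if self.violation == "protect":
            return "dropped"                     # silent: no log, no counter
        self.violations += 1
        self.log.append(f"{now}: violation from {src_mac}")
        if self.violation == "restrict":
            return "dropped"
        self.err_disabled_at = now               # shutdown: port goes err-disabled
        return ERR_DISABLED
```

Note that in shutdown mode even the already-learned MAC address is blocked until the recovery interval has passed, which is why Example 2 matters in practice.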