Last Source Address:Vlan : 13c:10įastEthernet0/13 is down, line protocol is down ( err-disabled) Inspecting the status of port security on the port again, we can see that the new MAC address triggered a violation: %LINK-3-UPDOWN: Interface FastEthernet0/13, changed state to down %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/13, changed state to down %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 13c on port FastEthernet0/13. %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/13, putting Fa0/13 in err-disable state Observe what happens as soon as the second host attempts to send traffic:
#SWITCHPORT PORT SECURITY MAC ADDRESS STICKY VLAN ACCESS PLUS#
Now, we disconnect the host from the port, connect a small switch or hub, and reconnect the original host plus a second, unauthorized host so that they both attempt to share the access port.
![switchport port security mac address sticky vlan access switchport port security mac address sticky vlan access](https://2.bp.blogspot.com/-CmvZnJMZqjI/VETRsa251xI/AAAAAAAADaM/ZnBSNpB1VzI/s1600/ccnp-switch-voice-port-config.png)
When a host connects to the switch port, the port learns the host's MAC address as the first frame is received: Last Source Address:Vlan : 0000.0000.0000:0Īs you can see, there are a number of attributes which can be adjusted. Switch# show port-security interface f0/13 We can view the default port security configuration with show port-security: Switch(config-if)# switchport port-securityĪlthough only a single interface is used for illustration in this article, port security, if configured, is typically configured on all user-facing interfaces. Port security can be enabled with default parameters by issuing a single command on an interface: The addition of unmanaged devices complicates troubleshooting by administrators and is best avoided. so that two or three users can share a single access port).
![switchport port security mac address sticky vlan access switchport port security mac address sticky vlan access](https://thenetworkseal.files.wordpress.com/2016/03/trunkport.png)
Its primary use is to deter the addition by users of "dumb" switches to illegally extend the reach of the network (e.g. It enables an administrator configure individual switch ports to allow only a specified number of source MAC addresses ingressing the port.
![switchport port security mac address sticky vlan access switchport port security mac address sticky vlan access](https://www.tp-link.com/us/configuration-guides/configuring_mac_address/configuring_mac_address-web-resources/image/例_vlan_Security.png)
Port security is a layer two traffic control feature on Cisco Catalyst switches.