Port Security is a network security feature restricting access to switch ports based on MAC addresses. It allows only specific devices to connect to a port, preventing unauthorized access and mitigating MAC flooding attacks. Administrators can configure limits on the number of MAC addresses per port and specify actions like shutdown, restrict, or protect in case of violations.
#Port Security (based on MAC address)
enable
configure terminal
show mac address-table
show port-security
show port-security <interface>
show errdisable recovery
errdisable recovery cause psecure-violation # enable automatic recovery of ports err-disabled by a port-security violation
errdisable recovery interval <seconds> # timer for the automatic recovery
interface <interface>
switchport port-security
switchport port-security maximum <number> # number of secure MAC addresses allowed on the interface (default 1)
switchport port-security mac-address <MAC address> # set a secure MAC address manually; otherwise the first MAC learned on the port becomes the secure address
switchport port-security mac-address sticky # learned MAC addresses are converted to sticky secure addresses in the running config; they are lost on reboot unless the config is saved
switchport port-security violation {shutdown | restrict | protect}
# -shutdown - the port is put into err-disabled state (default)
# -restrict - the port stays up, frames from unauthorized MAC addresses are dropped, the violation counter increments and a syslog/SNMP notification is sent
# -protect - the port stays up, frames from unauthorized MAC addresses are dropped, and no notification is sent
switchport port-security aging time <minutes> # aging time after which secure MAC addresses are removed from the port
switchport port-security aging static # apply aging to statically configured secure MAC addresses as well
switchport port-security aging type {absolute | inactivity} # absolute: the address is removed when the aging time expires; inactivity: removed only if no traffic from it is seen for the aging time
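To check that the settings above are actually applied, the following added example (not from the original notes) audits a constructed running-config excerpt: it flags access ports without port-security, with a maximum above policy, or with the silent protect violation mode. The sample config, the interface names and the policy limit of one MAC per port are assumptions.

```python
import re

# Constructed sample running-config excerpt (not taken from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation restrict
interface GigabitEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security maximum 8
 switchport port-security violation protect
interface GigabitEthernet0/3
 switchport mode access
interface GigabitEthernet0/24
 switchport mode trunk
"""

def interface_stanzas(config):
    """Yield (interface_name, [sub-commands]) for each 'interface' block."""
    for block in re.split(r"^interface ", config, flags=re.M)[1:]:
        name, *body = block.splitlines()
        yield name.strip(), [l.strip() for l in body if l.startswith(" ")]

def audit_port_security(config, max_allowed=1):
    """Return {interface: [issues]} for access ports whose port-security is missing or weak."""
    findings = {}
    for name, cmds in interface_stanzas(config):
        if "switchport mode access" not in cmds:
            continue  # trunks and uplinks are outside this check
        issues = []
        if "switchport port-security" not in cmds:
            issues.append("port-security not enabled")
        else:
            maximum, violation = 1, "shutdown"  # IOS defaults when not configured
            for cmd in cmds:
                if m := re.match(r"switchport port-security maximum (\d+)$", cmd):
                    maximum = int(m.group(1))
                if m := re.match(r"switchport port-security violation (\w+)$", cmd):
                    violation = m.group(1)
            if maximum > max_allowed:
                issues.append(f"maximum {maximum} exceeds policy limit of {max_allowed}")
            if violation == "protect":
                issues.append("violation mode 'protect' drops offenders silently (no syslog/SNMP)")
        if issues:
            findings[name] = issues
    return findings
```

Run `audit_port_security(SAMPLE_CONFIG)` to get the findings; GigabitEthernet0/1 passes, 0/2 and 0/3 are reported, and the trunk port is skipped.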