Cisco Tips & Tricks

April 28, 2007

Why port Security?

Filed under: cisco, security, Switching — ciscotips @ 10:02 pm

Port security can be the best method of security incase you do not have a physical control of your devices in the location. Port security will only let group of address/addresses to access the switch securing your network from physical attacks.

Secured ports restrict a port to a user-defined group of stations. When you assign secure addresses to a secure port, the switch does not forward any packets with source addresses outside the defined group of addresses. If you define the address table of a secure port to contain only one address, the workstation or server attached to that port is guaranteed the full bandwidth of the port. As part of securing the port, you can also define the size of the address table for the port.

Command to enable port security

In config mode, use following command to enable port security

switchport port-security

To define allowed mac-addrresses

switchport port-security maximum max_addrs

To set security violation

switchport port-security violation {shutdown | restrict | protect}



  1. If port security is on in IOS without a specified MAC address, any reload will cause the MAC address in port security to be forgotten. Newer IOSes have a ‘sticky’ feature which will allow the router to remember the MAC address.

    You can set it by using this command:

    switchport port-security sticky

    Of course, this creates more work when users decide to arbitrarily move to new cubicles and such.

    Comment by Dan Jones — May 12, 2007 @ 11:02 pm

  2. Mini GBIC

    Comment by Cory Andrews — September 27, 2010 @ 5:33 pm

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

Blog at

%d bloggers like this: