How To Configure Port Security on Cisco Switch

Sometimes, users perform actions that slow down network performance or breach network security. It is the responsibility of network engineers to prevent such users from carrying out malicious tasks on the network. On a network that contains Cisco switches, you can control access to your switch ports by implementing port security. For example, you can control which device can access a specific port (interface) of a switch, or how many devices can be connected to a specific switch port. The feature that allows you to do so is called Switch Port Security. In this post, we will explain how to configure port security on a Cisco switch.

Before configuring port security on a switch, let’s have a look at the commands used to configure it. In the following figure, the first command shows the switchport command options that are used to configure port-related options. The second command shows the port-security options that are used to configure port-security-related options.

[Figure: Port-security command options]

Configure Port Security Step By Step

We will use the following network topology to configure port security on a Cisco switch.

[Figure: Configure Port Security Topology]

To configure port security on a Cisco switch, you need to perform the following steps:

  1. First, open the Command Prompt of PC1, execute the ipconfig /all command, and note down its MAC address, as shown in the following figure.

     [Figure: ipconfig /all command]

  2. Next, open the switch’s console. From global configuration mode, execute the following command to switch to the interface configuration mode for the appropriate interface, for example Fa0/1.

     Switch(config)#interface fa0/1

  3. Next, execute the following commands to enable the access mode and the port security feature on the Fa0/1 interface.

     Switch(config-if)#switchport mode access
     Switch(config-if)#switchport port-security

  4. Next, execute the following commands. The first command binds the MAC address that you want to allow to access this interface. The second command sets the maximum number of MAC addresses allowed on this interface.

     Switch(config-if)#switchport port-security mac-address 00D0.BC9A.42DC
     Switch(config-if)#switchport port-security maximum 1

  5. Next, execute the following commands to set the violation policy and exit from the interface configuration mode, as shown in the following figure.

     Switch(config-if)#switchport port-security violation shutdown
     Switch(config-if)#exit
     Switch(config)#exit

     [Figure: Implement port security]

  6. You have now enabled and configured the port security feature on the Fa0/1 interface. Next, execute the following command to show the MAC addresses associated with the Fa0/1 interface, as shown in the following figure.

     Switch#show port-security address

     [Figure: Port-security verification]

  7. Next, execute the following command to show the port security settings of the Fa0/1 interface, as shown in the following figure.

     Switch#show port-security interface fa0/1

     [Figure: Configure port security on Cisco switch]

In the preceding figure, you can see that the port-security status is enabled, the violation mode is shutdown, and a maximum of 1 MAC address is allowed.
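To check the same settings across many ports at once, the following added example (not code from the original post) parses a saved show running-config excerpt and flags access ports where port security is missing or weaker than the setup above. The sample configuration is constructed, the function names are hypothetical, and the script assumes that IOS leaves the default values (maximum 1, violation shutdown) out of the running configuration.

```python
import re
# Constructed running-config excerpt (sample data, not from the original post).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security mac-address 00D0.BC9A.42DC
!
interface FastEthernet0/2
 switchport mode access
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security maximum 5
 switchport port-security violation restrict
!
interface GigabitEthernet0/1
 switchport mode trunk
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from running-config text."""
    stanzas = re.findall(r"^interface (\S+)\n((?: .*\n)*)", config, re.M)
    return {name: [ln.strip() for ln in body.splitlines()] for name, body in stanzas}

def audit_port_security(config, max_allowed=1):
    """Return {interface: [findings]} for static access ports; [] means compliant."""
    report = {}
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode access" not in cmds:
            continue  # trunk and other ports are out of scope here
        text = "\n".join(cmds)
        # Assumption: absent lines mean the defaults (maximum 1, violation shutdown).
        m = re.search(r"^switchport port-security maximum (\d+)$", text, re.M)
        maximum = int(m.group(1)) if m else 1
        v = re.search(r"^switchport port-security violation (\w+)$", text, re.M)
        violation = v.group(1) if v else "shutdown"
        checks = [
            # Sub-commands have no effect without the bare enabling command.
            ("switchport port-security" not in cmds, "port security not enabled"),
            (maximum > max_allowed, f"maximum {maximum} exceeds {max_allowed}"),
            (violation != "shutdown", f"violation mode is {violation}"),
        ]
        report[name] = [msg for failed, msg in checks if failed]
    return report

if __name__ == "__main__":
    for port, findings in audit_port_security(SAMPLE_CONFIG).items():
        print(port, "->", "; ".join(findings) or "OK")
```

FastEthernet0/3 in the sample shows a common mistake: the maximum and violation lines are present, but the bare switchport port-security command that enables the feature is missing.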

In this post, we have explained how to configure port security on a Cisco switch. We hope it helped you. Please share your experience with us. We would love to hear your feedback.
