Sometimes users perform unnecessary tasks that slow down network performance or breach network security. It is the responsibility of network engineers to prevent such users from performing malicious tasks on the network. In a network that contains Cisco switches, you can control access to your switch ports by implementing port security. For example, you can control who can access a specific port (interface) of a switch or how many devices can be connected to a specific switch port. The feature that allows you to do so is called Switch Port Security. In this post, we will explain how to configure port security on a Cisco switch.
Before configuring port security on a switch, let’s have a look at the commands used to configure it. In the following figure, the first command shows the switchport command options that are used to configure port-related options. The second command shows the port-security options that are used to configure port-security-related options.
Configure Port Security Step By Step
We will use the following network topology to configure port security on a Cisco switch.
To configure port security on a Cisco switch, you need to perform the following steps:
- First of all, open the Command Prompt of PC1, execute the ipconfig /all command, and note down its MAC address as shown in the following figure.
- Next, open the switch’s console. Execute the following command to switch to the interface configuration mode for the appropriate interface, for example, interface Fa0/1.
- Next, execute the following commands to enable the access mode and port security feature on the Fa0/1 interface.
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
- Next, execute the following commands. The first command binds the MAC address that you want to allow to access this interface. The second command sets the maximum number of MAC addresses allowed on this interface.
Switch(config-if)#switchport port-security mac-address 00D0.BC9A.42DC
Switch(config-if)#switchport port-security maximum 1
- Next, execute the following commands to set the violation policy and exit from the interface configuration mode as shown in the following figure.
Switch(config-if)#switchport port-security violation shutdown
Switch(config-if)#exit
Switch(config)#exit
- Now, you have enabled and configured the port security feature on the Fa0/1 interface. Next, execute the following command to show the MAC addresses associated with the Fa0/1 interface as shown in the following figure.
Switch#show port-security address
- Next, execute the following command to show the port security settings of the Fa0/1 interface as shown in the following figure.
Switch#show port-security interface Fa0/1
In the preceding figure, you can see that port security is enabled, the violation mode is shutdown, and a maximum of 1 MAC address is allowed.
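To check the same settings across many ports at once, the configuration can be audited offline. The following Python script is an added example, not part of the original post: it parses a constructed running-config excerpt and reports, for each access port, whether port security is actually enabled. It assumes the IOS defaults of maximum 1 and violation shutdown, which are typically not shown in the running configuration, and the function names are hypothetical.

```python
import re

# Constructed running-config excerpt (sample input, not from the original post).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security mac-address 00D0.BC9A.42DC
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security maximum 3
 switchport port-security violation restrict
!
interface GigabitEthernet0/1
 switchport mode trunk
!
"""

def audit_port_security(config):
    """Return {interface: settings} for every access port in the config."""
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            # Assumed IOS defaults: maximum 1, violation shutdown.
            current = {"access": False, "enabled": False, "maximum": 1,
                       "violation": "shutdown", "macs": []}
            ports[raw.split(None, 1)[1]] = current
        elif not raw.startswith(" ") or current is None:
            current = None  # "!" or a global line: outside any interface stanza
        elif line == "switchport mode access":
            current["access"] = True
        elif line == "switchport port-security":
            current["enabled"] = True  # only the bare command turns the feature on
        elif m := re.fullmatch(r"switchport port-security maximum (\d+)", line):
            current["maximum"] = int(m.group(1))
        elif m := re.fullmatch(r"switchport port-security violation (\w+)", line):
            current["violation"] = m.group(1)
        elif m := re.fullmatch(r"switchport port-security mac-address ([0-9A-Fa-f.]+)", line):
            current["macs"].append(m.group(1).upper())
    return {name: p for name, p in ports.items() if p["access"]}

def unprotected_ports(config):
    """Access ports on which port security is not actually enabled."""
    return [n for n, p in audit_port_security(config).items() if not p["enabled"]]

if __name__ == "__main__":
    print(audit_port_security(SAMPLE_CONFIG))
    print("Not protected:", unprotected_ports(SAMPLE_CONFIG))
```

In the sample, FastEthernet0/2 has a maximum and a violation mode set but is still reported as unprotected, because the bare switchport port-security command was never entered on it.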
In this post, we have explained how to configure port security on a Cisco switch. We hope it helped you. Please share your experience with us. We would love to hear your feedback.