Port Security is a Layer 2 Security protocol that protects the Switch from CAM/MAC address flooding. Port Security will be enabled per-interface on L2 switches. Port-security by default will shutdown a port and place it into "err-disabled" mode. Port-security can only be enabled on "access" ports. By default port-security will only 1 MAC address per interface.
Layer 2 Security Network Diagram SW1(config)#interface range eth0/1, eth0/3 # This command brings us into the range-sub-interface mode.
SW1(config-if-range)#switchport port-security # This command will enable "port-security" on the interface
SW1(config-if-range)#switchport port-security maximum 2 # This command will set the amount of MAC addresses allowed on the interface
SW1(config-if-range)#switchport port-security mac-address sticky # This command will apply the connected SRC MAC address to the running-configuration of the interface.
The full configuration is shown below
Port Security Configuration SW1#show run interface ethernet0/3 # This command will show you the running configuration of the interface
SW1#show port-security # This command will show you the port-security table. This table shows you which ports are configured for port-security.
show port-security command and output SW1#show port-security | include err # This command will just show you the err-disabled ports in the port security table.
How to clear port-security
SW1#clear port-security all # This command will clear any port-security violations.
SW1(config-if)#shut SW1(config-if)#no shut # These two commands reset the interface. This is how you clear the "err-disabled" state on an interface.
