Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
843
Views
0
Helpful
4
Replies

Port security

Go to solution
gaelfabrice
Level 1
Level 1

‎11-30-2016 02:22 PM - edited ‎03-08-2019 08:23 AM

hi

plz i would like to know the purpose of this commands

switchport mode access

switchport port-security

switchport port-security maximum 2

switchport port-security mac-address aaaa.bbbb.cccc

switchport port-security violation shutdown 

if a host with mac-address dddd.eeee.ffff

is directly connected to the switch port what gonna happen

host will be allowed or port will goes down  ?

and if another host with mac-address gggg.hhhh.iiii

connect also what will happen

thx in advance

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Dennis Mink
VIP Alumni
VIP Alumni

‎11-30-2016 02:41 PM

the above means that the port will go into error-disable mode when more than 2 mac addresses are learned through that particular port. on mac is aaaa.bbbb.cccc the other is dynamically learned, unless explicitly configured. so your config as it is will allow dddd.eeee.ffff as you set a mximum of 2 mac addresses as per

switchport port-security maximum 2

hope this explains it

Please remember to rate useful posts, by clicking on the stars below.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Dennis Mink
VIP Alumni
VIP Alumni

‎11-30-2016 02:41 PM

the above means that the port will go into error-disable mode when more than 2 mac addresses are learned through that particular port. on mac is aaaa.bbbb.cccc the other is dynamically learned, unless explicitly configured. so your config as it is will allow dddd.eeee.ffff as you set a mximum of 2 mac addresses as per

switchport port-security maximum 2

hope this explains it

Please remember to rate useful posts, by clicking on the stars below.

0 Helpful

Go to solution
gaelfabrice
Level 1
Level 1
In response to Dennis Mink

‎11-30-2016 02:58 PM

so  

gggg.hhhh.iiii  will be blocked ( port will goes down ) 

and 

dddd.eeee.ffff

allowed right ?

0 Helpful

Go to solution
Dennis Mink
VIP Alumni
VIP Alumni
In response to gaelfabrice

‎11-30-2016 03:17 PM

so, as per your initial post, you have  hard set only one mac:

mac-address aaaa.bbbb.cccc

the next mac is still allowed, be it dddd.eeee.ffff  or gggg.hhhh.iiii   because that second mac address in the port is dynamically learned, either mac will be allowed, but not both.

I strongly advise you to test it though

Please remember to rate useful posts, by clicking on the stars below.

0 Helpful

Go to solution
gaelfabrice
Level 1
Level 1
In response to Dennis Mink

‎11-30-2016 03:35 PM

thx thxits ok now 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card