Cisco Port Security Notes

  • without switchport port-security command, the feature is not activated. So even if we issue (config-if)#switchport port-security mac-address 0000.05e0.0101, it is still not there. And any plugged port will be to your surprise operational:port security is inactive
  • now with switchport port-security, the Cisco port security feature is activated. Any interface with a MAC address other than the one specified will lead to a port err-disable state

port in err-disabled state due to port security
Now, we increase the number of allowed MAC addresses on a single port where Cisco port security is enabled
define a maximum in port security
But that doesn’t activate interface fas0/6. In fact, it’s still in Err-disabled state:

So we shut/no shut the interface and that brings it up once again:

Leave a Comment