MN700004 Rev 01 456. Port SecurityIntroductionYou can use port security to block input to a port when the MAC address of the stationattempting to access the port does not match any of the MAC addresses specified for that port.Alternatively, you can use port security to filter traffic destined to or received from a specifichost based on the host MAC address.After establishing the maximum number of MAC addresses on a port, the secure MACaddresses can be configured manually or learned dynamically. You can manually configureall the secure MAC address or only some of them.When a secure port receives a packet, the source MAC address of the packet is compared tothe list of secure source addresses that were manually configured or dynamically learned onthe port. If a MAC address of a device attached to the port differs from the list of secureaddresses, the port either shuts down permanently or drops incoming packets from theinsecure host and sends trap message to the Simple Network Management Protocol (SNMP)manager. The port's behavior depends on the configuration that determines its response to asecurity violation.Configuring and Displaying Port Security SettingsTable 6-1 Port Security CommandsC o m m a n d D e s c r i p t i o nport security Enables port security on the configured interface.show port security Displays the port security configuration.Description of Commandsport securityThe port security command, in Interface Configuration mode, enables port security on a portand restricts the use of the port to a user-defined group of stations. The no form of thiscommand returns the port to its default value.If the port security option is activated on a port, only SECURED MAC addresses that areconfigured to this port are permitted to connect to this port. A station with a MAC addressthat has not been configured appropriately in the MAC address table will produce an addressviolation event. See How Entries are added to the FDB.If no action is defined, the default action is trap. If no maximum number is defined for secureaddresses support, all the addresses will be learned as secured.
