Cisco has implemented some security measures to safeguard its Cisco devices from the unauthorized access. Therefore, to be able to secure the physical ports on a Cisco Switch, we have to enable the Port Security.

There are a few options available to the user while he’s configuring the Port Security. One such option is to limit the number of MAC Addresses that the port can connect with.

In this lab, we will allow only one MAC Address to be able to access the interface fast Ethernet 0/2. If some other device is attached to the interface the port will go to shutdown state. Also, the light will turn amber on that switch port.

To enable Port Security on a Cisco switch, we have to change the ‘Switchport’ mode from dynamic to access. By default, the Switchport mode is set to dynamic. Once the Switchport mode is changed, we can then enable the Switchport security on that port.


Lab Tasks

  1. Set maximum number of allowed mac addresses to port fastethernet 0/2 to 1
  2. Port 0/2 should go to shutdown state if other mac address device try to connect

Lab Configuration

Task 1

Switch(config)#interface fastethernet 0/2

Switch(config-if)#switchport mode access

Switch(config-if)#switchport port-security

Switch(config-if)#switchport port-security maximum 1


Task 2

Switch(config-if)#switchport port-security violation shutdown