17 April, 2013

Basic Port Security



Beginning in privileged EXEC mode, follow these steps to enable port security:

Step 1  Command: configure terminal
        Purpose: Enter global configuration mode.

Step 2  Command: interface interface-id
        Purpose: Enter interface configuration mode for the port you want to secure.

Step 3  Command: switchport port-security
        Purpose: Enable basic port security on the interface.

Step 4  Command: switchport port-security maximum (X)
        Purpose: Set the maximum number of MAC addresses that is allowed on this interface.

Step 5  Command: switchport port-security violation {shutdown | restrict | protect}
        Purpose: Set the security violation mode for the interface. The default is shutdown. For mode, select one of these keywords:
        • shutdown — The interface is shut down immediately following a security violation.
        • restrict — A security violation sends a trap to the network management station.
        • protect — When the port secure addresses reach the allowed limit on the port, all packets with unknown addresses are dropped.

Step 6  Command: end
        Purpose: Return to privileged EXEC mode.

Step 7  Command: show port-security [interface interface-id | address]
        Purpose: Verify the entry.
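To check the outcome of these steps across many ports at once, the following added example (not part of the original post) audits a saved running configuration and reports, per interface, whether port security is actually enabled and which maximum and violation mode apply. The function names and the sample configuration are constructed for illustration, and the default maximum of 1 is an assumption about the platform default.

```python
import re

# Constructed sample of saved running-config text (not from the original page).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security maximum 3
!
interface FastEthernet0/4
 switchport mode access
!
"""

# Defaults: violation mode "shutdown" (stated in Step 5); maximum 1 is assumed.
def audit_port_security(config):
    """Return {interface: {"enabled", "maximum", "violation"}} per interface block."""
    report, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = report.setdefault(raw.split(None, 1)[1].strip(),
                {"enabled": False, "maximum": 1, "violation": "shutdown"})
        elif not raw.startswith(" ") or current is None:
            current = None  # "!" or any other top-level line ends the block
        elif line == "switchport port-security":
            current["enabled"] = True  # only the bare command (Step 3) enables it
        elif m := re.fullmatch(r"switchport port-security maximum (\d+)", line):
            current["maximum"] = int(m.group(1))
        elif m := re.fullmatch(r"switchport port-security violation (shutdown|restrict|protect)", line):
            current["violation"] = m.group(1)
    return report

def findings(report):
    """Interfaces where port security is not enforced, even if sub-options are set."""
    return [name for name, state in report.items() if not state["enabled"]]

if __name__ == "__main__":
    print("not enforced:", findings(audit_port_security(SAMPLE_CONFIG)))
```

FastEthernet0/3 is flagged because Step 4 was applied without Step 3: the maximum is configured but the feature itself is never enabled.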

Disabling Port Security: 
no switchport port-security
Note: If the port link goes down, all the dynamically learned addresses are removed.