Configures the violation response action for port security on an interface.
The port shuts downs if port security violation occurs.
Interface configuration mode
If a MAC address already learned on a secured port ingresses on a non-secured port or through another secured port, it is not considered security violation. In this scenario, MAC movement happens if it is a dynamically learned MAC address. If it is a static MAC address or sticky MAC address, MAC movement does not happen, but the traffic is switched (flooded or forwarded) based on the destination MAC address.
If the port shuts down after security violation, an administrator can explicitly bring up the interface or a shutdown timer can be configured using the switchport port-security shutdown-time command. After the configured shutdown time, the interface automatically comes up and the port security configuration remains configured on the port.
When the device reboots after port shutdown due to security violation, the ports come up in the shutdown state.
The following example configures the violation response action as shutdown for port security on an interface:
device(config)# interface Ethernet 3/2 device(conf-if-eth-3/2)# switchport device(conf-if-eth-3/2)# switchport port-security violation shutdown