Configuring port MAC security

Perform the following steps to configure port MAC security on an interface.

  1. Enter the configure terminal command to enter global configuration mode.
    device# configure terminal
  2. Enter interface configuration mode to configure interface-specific administrative features for port MAC security.
    device(config)# interface Ethernet 3/2
  3. Define the interface in Layer 2 mode to set the switching characteristics of the Layer 2 interface.
    device(conf-if-eth-3/2)# switchport
    All Layer 2 interfaces are mapped to default VLAN 1 and the interface is set to access mode. To change the interface mode to trunk or to change the default VLAN mapping, use additional switchport commands.
  4. Enable port MAC security on the interface.
    device(conf-if-eth-3/2)# switchport port-security
  5. Set the maximum number of secure MAC addresses for an interface.
    device(conf-if-eth-3/2)# switchport port-security max 10
    For dynamically learned MAC addresses, the maximum limit is 8192 per port, which is also the default value.
  6. Specify the auto recovery time for a port security violation.
    device(conf-if-eth-3/2)# switchport port-security shutdown-time 4
  7. Specify a secure MAC address.
    device(conf-if-eth-3/2)# switchport port-security mac-address 0000.00eb.2d14 vlan 2
  8. Enable sticky MAC learning on the port to convert the dynamically learned MAC addresses to sticky secure MAC addresses.
    device(conf-if-eth-3/2)# switchport port-security sticky
  9. Configure port security with a sticky MAC address.
    device(conf-if-eth-3/2)# switchport port-security sticky mac-address 0000.0018.747C vlan 5

Example

The following example shows the steps to configure port MAC security.

device# configure terminal
device(config)# interface Ethernet 3/2
device(conf-if-eth-3/2)# switchport
device(conf-if-eth-3/2)# switchport port-security
device(conf-if-eth-3/2)# switchport port-security max 8192
device(conf-if-eth-3/2)# switchport port-security shutdown-time 4
device(conf-if-eth-3/2)# switchport port-security mac-address 0000.00eb.2d14 vlan 2
device(conf-if-eth-3/2)# switchport port-security sticky mac-address 0000.0018.747C vlan 5
device(conf-if-eth-3/2)# switchport port-security violation shutdown
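
The following check is an added example, not part of the vendor documentation: a Python audit that reads a saved configuration and reports Layer 2 ports where port MAC security is missing, where the limit was left at the 8192 default, or where a secure MAC address is malformed. It assumes the saved configuration lists each interface's commands in the same form as they are typed in the steps above; the sample text and the findings policy are constructed for illustration.

```python
import re

DEFAULT_MAX = 8192  # per-port limit and default value stated on this page
PS = "switchport port-security"
MAC_RE = re.compile(r"[0-9a-fA-F]{4}(\.[0-9a-fA-F]{4}){2}")
# Constructed sample. Assumption: the saved config repeats the commands as typed.
SAMPLE_CONFIG = """\
interface Ethernet 3/1
 switchport
interface Ethernet 3/2
 switchport
 switchport port-security
 switchport port-security max 10
 switchport port-security mac-address 0000.00eb.2d14 vlan 2
 switchport port-security sticky mac-address 0000.0018.747C vlan 5
interface Ethernet 3/3
 switchport
 switchport port-security
 switchport port-security mac-address 0000.00eb.2g14 vlan 2
"""

def parse_interfaces(text):
    """Group command lines under each 'interface ...' header."""
    interfaces, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("interface "):
            current = interfaces.setdefault(line[len("interface "):], [])
        elif current is not None and line and line != "!":
            current.append(line)
    return interfaces

def audit_port(commands):
    """Return findings for one interface (hypothetical policy of this example)."""
    if "switchport" not in commands:
        return []  # not a Layer 2 port, so port MAC security does not apply
    if PS not in commands:
        return ["port-security not enabled"]
    findings, limit = [], DEFAULT_MAX
    for cmd in commands:
        if m := re.fullmatch(rf"{PS} max (\d+)", cmd):
            limit = int(m.group(1))
        elif m := re.fullmatch(rf"{PS} (?:sticky )?mac-address (\S+) vlan \d+", cmd):
            if not MAC_RE.fullmatch(m.group(1)):
                findings.append(f"malformed MAC {m.group(1)}")
    if limit >= DEFAULT_MAX:
        findings.append(f"max left at default {DEFAULT_MAX}")
    return findings

def audit(text):
    return {name: audit_port(cmds) for name, cmds in parse_interfaces(text).items()}
```

Calling `audit(SAMPLE_CONFIG)` returns a dictionary keyed by interface name, with an empty list for a port that passes every check.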