Port security is another way network engineers can lock down their network, using the switchport security settings offered on Cisco switching equipment. This article discusses locking down ports on Cisco switches at layer 2. ACLs focus on source/destination IP addresses at layer 3, while switchport security settings let you control which layer 2 MAC addresses are allowed to connect to a given switch port. Learning this is key to being a successful engineer and working your way up to a CCNA.

MAC Address Tables

As a quick reminder, the sh mac address command gives you a summary of each switch port and any MAC addresses associated with it. If two switches are connected together, you will see all the MAC addresses of the devices connected to the other switch listed under the single switch-to-switch connection. You will also see a MAC address of the switch port. Generally speaking, you will only see switch port MAC addresses when switches are connected together, not when an end device is connected to a switch port.

Looking at Switch0, you can see multiple MAC addresses on port 1. One is for the switch-to-switch connection, and the other MAC is for the end device, PC0.
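
The per-port view described above can be checked with a script before port security is enabled. The following Python is an added example, not part of the original article: it parses show mac address-table output and lists ports that have learned more than one MAC address and are not known switch-to-switch links. The sample table and its MAC addresses are constructed, and the names parse_mac_table, ports_over_limit, max_macs and known_uplinks are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample of `show mac address-table` output (not from a real switch).
SAMPLE = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0001.42e6.a301    DYNAMIC     Fa0/1
   1    0060.2f1b.0c4d    DYNAMIC     Fa0/1
   1    00d0.bc52.b829    DYNAMIC     Fa0/2
  10    0009.7c3a.11ee    STATIC      Fa0/3
"""

# One table row: VLAN number, dotted-hex MAC, entry type, port name.
ROW = re.compile(
    r"^\s*(?P<vlan>\d+)\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+"
    r"(?P<type>\S+)\s+(?P<port>\S+)\s*$",
    re.IGNORECASE,
)

def parse_mac_table(text):
    """Return {port: sorted list of MAC addresses} from the table text."""
    ports = defaultdict(set)
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # title, header, ruler and blank lines do not match
            ports[m["port"]].add(m["mac"].lower())
    return {port: sorted(macs) for port, macs in ports.items()}

def ports_over_limit(table, max_macs=1, known_uplinks=()):
    """Ports that learned more MACs than expected for a single end device.

    known_uplinks lists switch-to-switch ports, where many MACs are normal.
    """
    return sorted(port for port, macs in table.items()
                  if len(macs) > max_macs and port not in known_uplinks)

if __name__ == "__main__":
    table = parse_mac_table(SAMPLE)
    for port, macs in sorted(table.items()):
        print(port, macs)
    print("review before enabling port security:", ports_over_limit(table))
```

A port flagged here that is not an intended switch-to-switch link has more than one device behind it, so a one-address limit on that port would be exceeded as soon as it is applied.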

Switch Port Security

To configure switch port security, go to global configuration mode. Use the command



