31 Days Before Your CCNA Exam

Day 26 57Table 26-2Actions When Port Security Violation OccursOption on the switchport Protect Restrict Shutdownport-security violation CommandDiscards offending traffic Yes Yes YesSends log and SNMP messages No Yes YesDisables the interface, discarding all traffic No No YesExample 26-1 shows a port security configuration where each access interface is allowed a maximumof three MAC address. If a fourth MAC is detected, only the offending device’s traffic willbe discarded. If the violation option is not explicitly configured, the traffic for devices that areallowed on the port would also be discarded because the port would be shut down by default.Example 26-1A Port Security Configuration ExampleS1(config)#interface range fa 0/5 - fa 0/24S1(config-if-range)#switchport mode accessS1(config-if-range)#switchport port-securityS1(config-if-range)#switchport port-security maximum 3S1(config-if-range)#switchport port-security violation restrictS1(config-if-range)#switchport port-security mac-address stickyTo verify port security configuration, use the more general show port-security command or themore specific show port-security interface type number command. Example 26-2 demonstratesthe use of both commands. In the examples, notice that only one device is currently attached to anaccess port on S1.Example 26-2Port Security Verification Command Output ExamplesS1#show port-securitySecure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action(Count) (Count) (Count)---------------------------------------------------------------------------Fa0/5 3 1 0 RestrictFa0/6 3 0 0 RestrictFa0/7 3 0 0 RestrictFa0/8 3 0 0 RestrictFa0/9 3 0 0 RestrictFa0/10 3 0 0 RestrictFa0/11 3 0 0 RestrictFa0/12 3 0 0 RestrictFa0/13 3 0 0 RestrictFa0/14 3 0 0 RestrictFa0/15 3 0 0 RestrictFa0/16 3 0 0 RestrictFa0/17 3 0 0 Restrict