What is the switchport port-security command?

The switchport security feature offers the ability to configure a switchport so that traffic can be limited to only a specific configured MAC address or list of MAC addresses.

How do I enable port security on a Cisco switch?

Configuration Steps:

  1. Your switch interface must be L2, as “port security” is configured on an access interface.
  2. Then you need to enable port security by using the “switchport port-security” command.
  3. This step is optional, but you can specify how many MAC addresses the switch can have on one interface at a time.

How is port security implemented on a switch?

To configure port security, three steps are required:

  1. Define the interface as an access interface by using the “switchport mode access” interface subcommand.
  2. Enable port security by using the “switchport port-security” interface subcommand.

What is the default port security setting on a switch port?

If you enable switch port security, the default behavior is to allow only 1 MAC address and to shut down the port in case of a security violation; sticky address learning is disabled. Next, we will enable dynamic port security on a switch.

Why do we use Switchport Nonegotiate?

switchport nonegotiate: Prevents the interface from generating DTP frames. You can use this command only when the interface switchport mode is access or trunk. You must manually configure the neighboring interface as a trunk interface to establish a trunk link.

How do you stop DTP?

There are two ways to disable DTP negotiation:

  1. Configure the interface for access mode.
  2. Use the switchport nonegotiate command on the interface.
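
An added example (not from the original page): a small Python audit of an IOS-style configuration that applies the port security steps, the defaults and the two DTP options described above. The sample configuration, function names and finding texts are constructed for illustration.

```python
# Constructed IOS-style configuration for this example (not from the page).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
!
interface GigabitEthernet0/2
 switchport mode access
!
interface GigabitEthernet0/3
 switchport mode trunk
"""

def parse_interfaces(config):
    """Map each interface name to the list of its subcommands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current is not None and line.startswith(" "):
            interfaces[current].append(line.strip())
        else: current = None  # "!" or a global command closes the stanza
    return interfaces

def port_security_settings(cmds):
    """Effective settings (defaults unless overridden), or None if not enabled."""
    prefix = "switchport port-security"
    if prefix not in cmds:
        return None
    settings = {"maximum": 1, "violation": "shutdown", "sticky": False}
    for words in (c[len(prefix):].split() for c in cmds if c.startswith(prefix + " ")):
        if len(words) >= 2 and words[0] in ("maximum", "violation"):
            settings[words[0]] = int(words[1]) if words[0] == "maximum" else words[1]
        elif words == ["mac-address", "sticky"]:
            settings["sticky"] = True
    return settings

def audit(config):
    """Return (interface, finding) pairs for ports missing the steps above."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        access = "switchport mode access" in cmds
        if access and port_security_settings(cmds) is None:
            findings.append((name, "access port without port security"))
        if not access and "switchport nonegotiate" not in cmds:
            findings.append((name, "DTP negotiation not disabled"))
    return findings
```

Calling `audit(SAMPLE_CONFIG)` flags GigabitEthernet0/2 and GigabitEthernet0/3; `port_security_settings` shows the effective limits for a port such as GigabitEthernet0/1.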

How do I check my port security violations?

Use “show port-security interface” to see the port security details per interface. You can see the violation mode is shutdown and that the last violation was caused by MAC address 0090.

Why would you enable port security on a switch?

The main reason to use port security on a switch is to prevent unauthorized users from accessing the LAN.