Configuring Port Security

Configuring port security prevents unknown devices from connecting to ports without your knowledge.

When a port is secure, the switch takes a user-specified action whenever an address-security violation occurs. This action is either an SNMP trap (see Managing SNMP for details), a shutdown of the receiving port, or both. Address-security violations occur under these conditions:

You can check port security settings by selecting Port > Port Security, which displays the Port Security window.

You can also use the Port Security window to configure secure ports and define secure MAC addresses. On Catalyst 2900 XL, Catalyst 2950, and Catalyst 3500 XL switches, a secure port can support up to 132 secure addresses; on Catalyst 3550 switches, up to 128 secure addresses. If you do not assign secure addresses, the port learns the source address of incoming packets, automatically assigns a secure address, and continues learning until the table contains the maximum number of secure addresses defined for the port. If a secure address is deleted from the address table, the port begins learning again. When port security is enabled, the Maximum Addresses field is automatically set to 132 (on Catalyst 2900 XL, Catalyst 2950, and Catalyst 3500 XL switches) or 128 (on Catalyst 3550 switches).

Note: Only a static-access port can be a secure port. You cannot enable port security on a network port, an ATM port, a multi-VLAN port, a dynamic-access port, a trunk port, a port group, or a monitor port.
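
The learning behavior, per-model limits, and static-access restriction described above can be modeled in a few lines. This is an added example, not Cisco code: the SecurePort class and its method names are hypothetical, and it assumes that a violation is a frame from an unknown source address arriving when the table is full, and that a shut-down port passes no traffic.

```python
# Added illustration; models the behaviour described on this page, not Cisco code.
MAX_SECURE = {"2900XL": 132, "2950": 132, "3500XL": 132, "3550": 128}  # limits from the page

class SecurePort:
    def __init__(self, model, mode="static-access", max_addresses=None,
                 static=(), action=("trap", "shutdown")):
        if mode != "static-access":
            raise ValueError(f"{mode} port cannot be a secure port")
        limit = MAX_SECURE[model]
        # Maximum Addresses defaults to the model limit when security is enabled.
        self.max = limit if max_addresses is None else max_addresses
        if not 1 <= self.max <= limit:          # lower bound of 1 is an assumption
            raise ValueError(f"max_addresses must be 1..{limit} on {model}")
        self.table = {m.lower() for m in static}   # manually assigned secure addresses
        if len(self.table) > self.max:
            raise ValueError("more static addresses than Maximum Addresses")
        self.action = set(action)                  # "trap", "shutdown", or both
        self.shutdown = False
        self.traps = []                            # stand-in for SNMP traps sent

    def receive(self, src_mac):
        """Return what happens to a frame with this source MAC."""
        mac = src_mac.lower()
        if self.shutdown:
            return "dropped"        # assumption: a shut-down port passes nothing
        if mac in self.table:
            return "forwarded"
        if len(self.table) < self.max:
            self.table.add(mac)     # port is still learning
            return "learned"
        # Assumption: unknown source on a full table is the violation.
        if "trap" in self.action:
            self.traps.append(mac)
        if "shutdown" in self.action:
            self.shutdown = True
        return "violation"

    def delete(self, mac):
        """Removing a secure address frees a slot, so learning resumes."""
        self.table.discard(mac.lower())

if __name__ == "__main__":
    port = SecurePort("3550", max_addresses=2, action=("trap",))
    for mac in ("00:00:5E:00:53:01", "00:00:5E:00:53:02", "00:00:5E:00:53:03"):
        print(mac, port.receive(mac))   # constructed documentation-range MACs
```

Because an unconfigured secure port learns whatever it sees first, the model makes it easy to see why leaving Maximum Addresses at the default of 132 or 128 admits far more devices than a typical access port needs.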