Cisco WS-C2960G-8TC-L Configuration page 19

12. At the top of the simulator in the menu bar, click the eStations icon and
You should be more comfortable with the CAM table on Cisco switches.
CERTIFICATION OBJECTIVE 12.05
Port Security Feature
Port security is a switch feature that allows you to lock down switch ports based on
the MAC address or addresses associated with the interface, preventing unauthorized
access to a LAN. For example, if MAC address 0001.001c.dddd is supposed to be
off of fa0/1, but it is seen off of fa0/2, this would be considered a security violation.
Or, if more addresses are seen off the interface than you allow, this would also be
considered a violation. As an administrator, you control what should happen when
a violation occurs, be it generating a notification about the issue, dropping traffic
Port security and/or
802.1x can be used lock down ports on a
switch, preventing unauthorized access to
your LAN network.
Port Security Configuration
Starting in IOS 12.1(6)EA2, Cisco standardized how port security is configured on
its switches. The entire configuration is performed on an interface-by-interface basis
by using the switchport commands:
switch(config)# interface fastethernet|gigabit 0/port_#
switch(config-if)# switchport mode access
switch(config-if)# switchport access vlan VLAN_#
choose Host-2. Enter ipconfig /all and compare the MAC address of
the PC to that learned by the 2950-1 switch on fastethernet0/4.
Port Security Feature
for the MAC address that caused the violation,
or completely disabling the port where the
violation occurred.
The port security feature will not work
on trunk ports (Chapter 13), switch port
analyzer ports (SPANs), and EtherChannel
ports (Chapter 14). However, it is compatible
with 802.1x (Chapter 5) and Voice VLANs
(Chapter 13).
375