Tuesday 21 March 2023

Port security - Cisco switches

Switchport security associates specific MAC addresses of PCs with specific interfaces on a switch. It gives you the ability to restrict access to a switch interface so that only authorised devices can use it. You can define the port action with three different modes: protect (sends an alert), restrict (discards), shutdown (closes the port).


Implement port security

Build a simple topology and assign IP addresses to the PCs:

In the command list below I have:
- set the switchport as an access port
- enabled port security
- defined which MAC addresses are allowed through the interface (sticky dynamically learns the MAC addresses of the hosts currently connected)






Now we can define the action that the switch takes when it receives a frame from an unauthorised device. This is done with the command switchport port-security violation (protect, restrict or shutdown).
Then define the maximum number of MAC addresses that can be received on the interface using the command switchport port-security maximum 1 (1 is the number, which can be changed).



That's the configuration done for Fa0/1; we just need to repeat it for Fa0/2. interface range fa0/1-2 would have configured both interfaces together and avoided doing two separate configs.

Finally, if we ping between the two PCs and run the show port-security interface fa0/1 command on the switch, we can see the maximum allowed devices, the port status and the MAC address that has passed through.
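The whole procedure above written out as one IOS session, using the interface range shortcut so both PC-facing ports are configured in one pass. This is an added example, not the post's own screenshots; the hostname SW1 is assumed.

```cisco
! Added example: port security on the two PC-facing access ports.
! Assumptions: switch hostname "SW1"; the PCs sit on Fa0/1 and Fa0/2.
SW1# configure terminal
SW1(config)# interface range fastEthernet 0/1 - 2
! Port security needs a static access (or trunk) port, not a dynamic one
SW1(config-if-range)# switchport mode access
! Enable port security on the interface
SW1(config-if-range)# switchport port-security
! Allow only one MAC address per port; a second address is a violation
SW1(config-if-range)# switchport port-security maximum 1
! Sticky: learn the first MAC seen and write it into the running config
SW1(config-if-range)# switchport port-security mac-address sticky
! Violation action: protect, restrict or shutdown (shutdown is the default)
SW1(config-if-range)# switchport port-security violation shutdown
SW1(config-if-range)# end
! Save, otherwise the sticky-learned addresses are lost on reload
SW1# copy running-config startup-config

! Verify after pinging between the PCs: port status, maximum, violation
! mode and the learned address for Fa0/1, then the full address table
SW1# show port-security interface fastEthernet 0/1
SW1# show port-security address
! A port err-disabled by the shutdown action stays down until "shutdown"
! followed by "no shutdown" is issued on it (or errdisable recovery is enabled)
```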



