I need to put this interface in access mode and then try again: Interesting! This port is in dynamic desirable mode and does not accept port-security that means it is actively looking forward to creating an ISL or Dot1q trunk link (based on negotiation result). Port Vlans in spanning tree forwarding state and not pruned Port Vlans allowed and active in management domain Port Mode Encapsulation Status Native vlan The hub is connected to E0 and I want to let only one device to be able to use this port at a time.Ĭommand rejected: Ethernet0/0 is a dynamic port. I have 3 devices connected to this switch, two of them to the same port (via a hub).
Total Mac Addresses for this criterion: 3 The port status is secure-down and no violation mode is configured. Last Source Address:Vlan : 0000.0000.0000:0Īnd you can see that port-security is disabled by default. To check port-security status I execute the following command: SW1#sh int e0/0 switchport | in Switchport However, port-security can be configured on trunk ports, too.īefore doing this I check interface switchport status: You can execute switchport command to change to layer 2 mode if you have changed it before.Īlso the port should be in access mode. By default switch ports are in switchport mode. To configure a switch port for port-security, first it should be in layer 2 mode (switchport mode). When you want to explicitly tell your switch which devices can connect (based on MAC address of those devices).When you want to limit the number of devices that can connect to a port on your switch.The topology is very simple and I am using only one switch with a number of PCs. In this article I am going to show you the effect of port-security on switch ports.