Blog

Configure Switch Port Security with Manual Static MAC Address

  • Post category:Blog
  • Post comments:0 Comments
  • Reading time:3 mins read

Configure Switch Port Security with Manual Static MAC Address

In this tutorial, we will learn how to configure switch port security with a manual static MAC address on a Cisco switch. This configuration ensures that only a device with a specific MAC address can connect to a particular switch port, enhancing network security by preventing unauthorized devices from accessing the network.

Topology

Configure Switch Port Security with Manual Static MAC Address Topology
Configure Switch Port Security with Manual Static MAC Address Topology

Topology Overview

The topology consists of a switch (S1) and a PC (PC1). The PC is connected to the switch’s FastEthernet 0/1 (Fa0/1) port. We will configure port security on this switch port to allow only the PC with a specific MAC address (000A.F3DA.18DA) to connect to it.

Type of  Switch Port Security

  1. Switch Port Security with Dynamic Port
  2. Switch Port Security with Manual Static MAC Address
  3. Switch Port Security with MAC Address Sticky
  4. Switch Port Security with Violation (Shutdown, Restrict, Protect)

Steps to Configure Switch Port Security

  1. Enter privileged EXEC mode: 
    Switch>enable
  2. Enter global configuration mode: 
    Switch#configure terminal
  3. Set the hostname for the switch (optional): 
    Switch(config)#hostname S1
  4. Specify the interface to be configured: 
    S1(config)#interface fastEthernet 0/1
  5. Set the port to access mode: 
    S1(config-if)#switchport mode access
  6. Enable port security: 
    S1(config-if)#switchport port-security
  7. Assign a static MAC address to the port: 
    S1(config-if)#switchport port-security mac-address 000A.F3DA.18DA
  8. Exit interface configuration mode: 
    S1(config-if)#exit
  9. Save the configuration: 
    S1(config)#do write

Summary

By following the above steps, we have successfully configured switch port security on interface FastEthernet 0/1 to allow only the device with MAC address 000A.F3DA.18DA to connect. Any other device with a different MAC address will be disallowed from accessing this port.

Verification

To verify the configuration, you can use the following command to check the port security settings:

S1#show port-security interface fastEthernet 0/1

This command will display the port security details, including the MAC address allowed and the security status of the port.

Conclusion

Switch port security is a crucial feature to secure your network by restricting access to only authorized devices. Configuring a manual static MAC address adds an extra layer of security, ensuring that only a specific device can connect to the network through a designated port.

5 1 vote
Article Rating
Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments