Configure MAC Rule of Port Security

Network Requirements

• PC1, PC2, and PC3 are connected to the server via Device; PC and the server are in the same LAN.
• Configure the port security rule on Device, permitting PC1 and PC2 to access the server and refusing PC3 to access the server.

Network Topology

Figure 3–2 Networking of configuring the MAX rule of the port security

Configuration Steps

Step 1: Configure VLAN.

#Create VLAN.

#Configure the port link type on gigabitethernet0/1-gigabitethernet0/2 of Device as Access, permitting the services of VLAN2 to pass.

Step 2: Configure the port security rule on Device.

#Configure the MAX rule on gigabitethernet0/1 of Device. The maximum number of the MAC rules is 3.

#Refuse PC3 to access the server on giabitethernet0/1 of Device.

Step 3: Check the result.

#The three PCs try to communicate with the server respectively. You can see that PC1 and PC2 can access the server and PC3 cannot access the server. View the effective entries of the port security on gigabitethernet0/1 of Device and you can see that the MAC addresses of PC1 and PC2 are written to the effective entries of the port security.

Device#show port-security active-address   
----------------------------------------------------------------------------------            
Entry Interface   MAC  address          VID    IP/IPv6  Addr  Derivation  Age(Sec)
----------------------------------------------------------------------------------
1     gi0/1       00:50:ba:0c:89:a3 2   ---    FREE           0     
2     gi0/1       38:83:45:EF:79:84 2	FREE   0     
Total Mac Addresses for this criterion: 2