switchport port-security limit rate invalid-source-mac EFFECT

Dec 15th, 2009


If I apply this command to a trunk port which connects to switches, and it reaches the limit, what is the action?

switchport port-security limit rate invalid-source-mac

Down the link OR drop invalid MAC-addressed packets?

Thank you.

sachinraja Tue, 12/15/2009 - 11:45

Hi Akyuznet

It actually depends on what violation policy you apply:

switchport port-security violation {shutdown | restrict | protect}

With shutdown, it basically shuts the port; with the restrict/protect option, it will not shut the port, but will drop the packets later...

Hope this helps.. all the best..


Giuseppe Larosa Wed, 12/16/2009 - 01:53

Hello Akyuznet,

This command introduces a rate limit on the number of invalid MAC address events on the port.

This is probably there as a form of defense from a possible denial of service caused by processing these events.

switchport port-security limit rate ?
  invalid-source-mac  Invalid source packet rate limit (packets per second)

switch(config-if)#switchport port-security limit rate inv
switch(config-if)#switchport port-security limit rate invalid-source-mac ?
  <0-1000>  Packets per second
  none      Disable invalid source mac address rate limit

It may help in keeping the CPU usage low, or it can be seen as a way to control the rate of unsecure MAC addresses on the port.

Hope to help


Akhtar Samo Tue, 10/23/2012 - 01:12

Hi Giuseppe,

Can you suggest an ideal threshold rate limit value for 4507 switches?



