Cisco Support Community
Community Member

MAC Filtering on Ethernet connection

Dear Cisco Support ,

i am an IT Infrastructure at SABIS Educatinal Services. the company is composed from three floors, and each each floor has 2 wings east and west, and in each wing we have 4 cisco switches catalyst 2960 series. i have a project for this year to make a mac filtering on the network on the wire connection(each device can use only his approved port on the switch via his mac address, if he try to plug his device in other plug no connection will be available.)

my question it possible to do that using cisco switches? if yes what is the way to do that?is there any cisco software with interface able to do that? i have in my home a Dlink wireless router and i am able to do a mac filtering on the wireless level.


thanks for the help and hope you can help me.


regards ,



VIP Purple

Port-Security with sticky MAC

Community Member

Dear Karsten ,i want first to

Dear Karsten ,

i want first to thank you for your reply on my post.

second i want to ask you a question : if i have 20 switches, and each switch has 24 port, so i need to configure 480 ports? in other word i want to access each switch and using the command mentioned in the document to configure each port?

regards ,


Tony M.

VIP Purple

When you want it on all ports

When you want it on all ports, it's only 20 times the config on all ports in a port-range. That's easy to handle.

Community Member

Dear Karsten ,thank you so

Dear Karsten ,

thank you so much for your replies, i really appreciate your help for me. unfortunately i need your help again. i used the following command to apply the port-security on the switch ports.


#conf t

#interface f0/1

#switchport mode access

#switchport port-security

#switchport port-security maximum 1

#switchport port-security mac-address sticky

#switchport port-security violation shutdown



question 1 : what does the sticky command exactly do? and what the difference between #switchport port-security mac-address sticky and #switchport port-security mac-address 0001.2BDE.UHT5

question 2 : if i restart the switch the configuration will gone or it is still saved in the switch configuration?

question 3:if i have a device where his MAC address is allowed on a port on the switch, and for some reason the device is damage and needs to be replaced by a new one. what is the way to allow the new device to access the same port?

question 3 : how to disable the port-security on a port?

question 4 : if a device or mac address is not allowed on a port, once is plugged in this port a violation is declared and in our case the port will shutdown. if i take this mac address and plug it on the same switch using another port where port-security is disable, the device is blocked or not on the port?

i want to thank you again for all your help for me.


have a good day.

best regards ,



CreatePlease to create content