Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Port security on etherswitch module

Tell me if I understand this correctly.

You use the: mac-address-table secure <mac-address> fastethernet slot/port [vlan <vlan id>] command to lock specific MACs to specific interfaces.

So I take it there is no equivalent to the: switchport port-security mac-address sticky command? Meaning you have to manually enter ever MAC address you wish to use on an interface?

My biggest question is what is going to happen when a new MAC is plugged into an interface that has not been specified with the 'mac-address-table secure' command? Will the interface prohibit the new MAC from communicating? And if so, how do you troubleshoot this? (determine a new MAC was plugged in)


Re: Port security on etherswitch module


The Sticky feature enables a switch to dynamicly learn the Mac-address entry, you dont have to specify a static mac-address when pluggs a device to the Switch.

As for the action, its configurable, you can specify what a ction you want a switch to take if it learns other mac-address other than the 1st learned one. also you can specify the maximum mac-addresses a security port could accept.


sh mac-address-table interface (x)




Re: Port security on etherswitch module

Bt default on port-security it uses one mac-address which dynamically it learns. If you want to put another mac on the port it will not accept. If you want to add the another one then you have to use

switchport port-security maximum 2

it means now the port can store the 2 addresses it can go up to the capacity of your CAM.

if you wonot specify the above the command it will workmwith only one address



New Member

Re: Port security on etherswitch module

The 2851 router does not support switchport port-security command and If I have each port of the ethermodule connecting to a IP phone and PC .

then what are my options as i am not able to secure these Mac address with their respective VLANs to a single interface