In the network shown in Figure 6-15, a hub has been connected to interface fa0/1 of SwitchA. It is an 8-port hub, but only 5 hosts are allowed to connect to it, and the administrator wants the switch to enforce that limit. HostA and HostB, along with any 3 other hosts, can connect to the hub. Configure port security on switch port fa0/1 to fulfill this requirement. In case of a violation, the port should not be put into the error-disabled state, but the administrator should be informed.

Figure 6-15 Lab 6-1

Solution 

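The lab requires configuring port security so that a maximum of 5 hosts can connect at a time. The MAC addresses of the two hosts (HostA and HostB) must also be configured as secure addresses on the port, and the violation mode must be changed to restrict. In restrict mode the switch drops frames from unknown source addresses, increments the violation counter and generates a log message, while the port itself stays up; the default mode, shutdown, would put the port into the error-disabled state. The required configuration is shown below: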

SwitchA#configure terminal
SwitchA(config)#interface fa0/1
SwitchA(config-if)#switchport port-security
SwitchA(config-if)#switchport port-security maximum 5
SwitchA(config-if)#switchport port-security mac-address 0014.bc1e.76ab
SwitchA(config-if)#switchport port-security mac-address 0014.911e.742f
SwitchA(config-if)#switchport port-security violation restrict 

You can verify the configuration using the show port-security command as shown below:

NAC-Main-L3#show port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
      fa0/1              5            2                  0         Restrict
---------------------------------------------------------------------------
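
As an added example (not part of the original lab), the Python sketch below parses `show port-security` summary output and checks each port against the intended maximum and violation action, reporting recorded violations as well. The sample output, the fa0/2 and fa0/3 entries and the policy table are constructed for illustration.

```python
import re
from collections import namedtuple

PortStatus = namedtuple("PortStatus", "port max_addr current_addr violations action")
# A data row is: port name, three counters, then the violation action.
ROW = re.compile(r"^\s*(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S.*?)\s*$")

def parse_port_security(output):
    """Extract per-port rows; header, ruler and prompt lines do not match ROW."""
    rows = []
    for line in output.splitlines():
        m = ROW.match(line)
        if m:
            port, mx, cur, viol, action = m.groups()
            rows.append(PortStatus(port, int(mx), int(cur), int(viol), action))
    return rows

def audit(rows, policy):
    """Compare each port with its intended (maximum, action); return findings."""
    by_port = {r.port.lower(): r for r in rows}
    findings = []
    for port, (want_max, want_action) in policy.items():
        r = by_port.get(port.lower())
        if r is None:
            findings.append(f"{port}: not listed as a secure port")
            continue
        if r.max_addr != want_max:
            findings.append(f"{port}: maximum is {r.max_addr}, expected {want_max}")
        if r.action.lower() != want_action.lower():
            findings.append(f"{port}: action is {r.action}, expected {want_action}")
        if r.violations > 0:
            findings.append(f"{port}: {r.violations} violation(s) recorded")
    return findings

# Constructed sample output (not captured from a device); fa0/1 follows the lab.
SAMPLE = """\
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
      fa0/1              5            5                  3         Restrict
      fa0/2              1            1                  0         Shutdown
---------------------------------------------------------------------------
"""
# Assumed policy for this example: the lab's settings expected on three ports.
POLICY = {"fa0/1": (5, "Restrict"), "fa0/2": (5, "Restrict"), "fa0/3": (5, "Restrict")}

if __name__ == "__main__":
    for finding in audit(parse_port_security(SAMPLE), POLICY):
        print(finding)
```

A non-zero violation count on a port in restrict mode means frames from extra hosts were dropped while the port stayed up, which is the condition this lab asks the administrator to be told about.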