Port Security: Port in Err-Disabled State

Cisco CCNA Port Security Lab that you can practice in Cisco Packet Tracer, Cisco Modeling Labs (CML), or on real equipment.

Topology

      PC1
       |
     Fa0/1
  +--------+
  | Switch |
  +--------+

  • PC1 → Switch Fa0/1

IP Address (optional):

  • PC1: 192.168.1.10/24

Step 1: Configure the Interface

Switch> enable
Switch# configure terminal

Switch(config)# interface fastethernet0/1
Switch(config-if)# switchport mode access

Step 2: Enable Port Security

Switch(config-if)# switchport port-security

Step 3: Allow Only One MAC Address

Switch(config-if)# switchport port-security maximum 1

Step 4: Learn the MAC Address Automatically

Switch(config-if)# switchport port-security mac-address sticky

The switch learns the first connected device's MAC address and saves it as a secure MAC.


Step 5: Configure the Violation Mode

Switch(config-if)# switchport port-security violation shutdown

Other options are:

  • protect
  • restrict
  • shutdown (default and most commonly used)

Step 6: Enable the Port

Switch(config-if)# no shutdown
Switch(config-if)# end

Verify the Configuration

Check port security:

Switch# show port-security

Check the interface details:

Switch# show port-security interface fa0/1

View the learned MAC address:

Switch# show port-security address

Test the Lab

  1. Connect PC1 and generate some traffic (for example, ping the default gateway or another device).
  2. Verify that the MAC address has been learned.
  3. Disconnect PC1.
  4. Connect PC2 (with a different MAC address) to Fa0/1.
  5. The switch should detect a security violation.

With violation shutdown, the interface goes into the err-disabled state.
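
To confirm the result of the test without reading the output by eye, the check below parses the text of `show port-security interface fa0/1` and reports whether the port matches this lab's settings and whether it has gone err-disabled (shown as `Secure-shutdown`). It is an added example, not part of the original lab; the sample output is constructed and abridged, and its MAC address and counters are made up.

```python
import re

# Constructed sample of `show port-security interface fa0/1` after step 5.
# The MAC address and counters are made up for illustration.
SAMPLE_AFTER_VIOLATION = """\
Port Security              : Enabled
Port Status                : Secure-shutdown
Violation Mode             : Shutdown
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1
Last Source Address:Vlan   : 00D0.BA11.2222:1
Security Violation Count   : 1
"""

def parse_port_security(text):
    """Turn 'Field : value' lines into a dict keyed by field name."""
    fields = {}
    for line in text.splitlines():
        # Require whitespace before the separator so the colon inside
        # "Last Source Address:Vlan" stays part of the key.
        m = re.match(r"^(.*?)\s+:\s+(.*)$", line)
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields

def audit(fields, expected_max=1, expected_mode="Shutdown"):
    """Compare parsed output with the lab's settings; return findings."""
    findings = []
    if fields.get("Port Security") != "Enabled":
        findings.append("port security is not enabled")
    mode = fields.get("Violation Mode")
    if mode != expected_mode:
        findings.append(f"violation mode is {mode}, expected {expected_mode}")
    maximum = int(fields.get("Maximum MAC Addresses", 0))
    if maximum != expected_max:
        findings.append(f"maximum is {maximum}, expected {expected_max}")
    if fields.get("Port Status") == "Secure-shutdown":
        # Value is "<mac>:<vlan>"; split on the last colon only.
        mac, _, vlan = fields.get("Last Source Address:Vlan", "").rpartition(":")
        count = fields.get("Security Violation Count", "?")
        findings.append(f"err-disabled: {count} violation(s), last source {mac} vlan {vlan}")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_port_security(SAMPLE_AFTER_VIOLATION)):
        print(finding)
```

An empty list from `audit` means the port is configured as in steps 2 to 5 and has not been shut down by a violation.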
