switchport port-security

About port-security.

To enable / configure port-security on Switch interface

1. Switch port must be access mode. Port security cannot configure in the interface Dynamic Desirable mode.
2. By default, the switchport security feature is disabled on all switchports and must be enabled.

----------------------------------------------------------

>>>   Step 1. checking interface fa0/4 admin mode status

SW#sh interfaces fa0/4 switchport

Name: Fa0/4

Switchport: Enabled

Administrative Mode: dynamic auto

Operational Mode: static access

Administrative Trunking Encapsulation: dot1q

Operational Trunking Encapsulation: native

>>>  Step 2. configuring port security in interface fa0/4

SW(config)#int fa0/4

SW(config-if)#switchport port-security 

Command rejected: FastEthernet0/4 is a dynamic port.

>>>  Step 3. configuring  interface fa0/4 as access port

SW(config)#int fa0/4

SW(config-if)#switchport mode access

SW(config-if)#switchport port-security 

SW(config-if)#end

SW#show port-security interface fastEthernet 0/4

Port Security                 : Enabled

Port Status                    : Secure-up

Violation Mode             : Shutdown

SW#show port-security 

Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action

               (Count)       (Count)        (Count)

--------------------------------------------------------------------

        Fa0/4        1          0                 0         Shutdown

----------------------------------------------------------------------

######################  END  #########################

reference from / Further Studies...

https://supportforums.cisco.com/document/26331/how-configure-port-security-cisco-catalyst-switches-run-cisco-ios-system-software

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/25ew/configuration/guide/conf/port_sec.html#wp1047772