As per the diagram, the topology consists of three users connected to the FastEthernet 0/12 switchport via a hub. So logically, three MAC addresses are connected to the switchport.
The lab objective is to allow only PC0, that is, MAC address 00E0.B04D.2789.
Configuring port security:
- Enable port security on the FastEthernet 0/12 interface:
Switch(config)#interface FastEthernet 0/12
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
- Set the maximum number of users allowed. Since we want to allow only one user, we define the value as 1:
Switch(config-if)#switchport port-security maximum 1
- Specify the user's MAC address, if required. By default, the switchport will use a method called sticky that treats any random MAC address as the trusted user. Here we want to associate a specific user, so we explicitly specify the MAC address:
Switch(config-if)#switchport port-security mac-address 00E0.B04D.2789
- Provide the violation method, which defines how the switch will react when it receives an unauthorized MAC address on its port:
Switch(config-if)#switchport port-security violation shutdown
- Verify the port security configuration:
Switch#show port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
---------------------------------------------------------------------------
     Fa0/12              1            1                  0         Shutdown
---------------------------------------------------------------------------
This verifies that port security has been configured on FastEthernet 0/12.
- Initiate some bad traffic, that is, try to use the port from another MAC address:
We will initiate an ICMP echo request to the server from PC1, which is now the unauthorized user.
The packets have been dropped. Let's confirm whether port security initiated this action:
Switch#show port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
---------------------------------------------------------------------------
     Fa0/12              1            1                  1         Shutdown
The output shows that the security violation count has incremented from 0 to 1, which confirms that port security dropped the packet and error-disabled the port.
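The manual check above can be automated when many ports are involved. The following script is an added example, not part of the original lab: it parses `show port-security` output and flags ports that recorded violations or that deviate from this lab's policy (maximum of 1, action Shutdown). The Fa0/11 and Fa0/13 rows and the function names are constructed for illustration.

```python
import re

# Constructed sample: the Fa0/12 row matches the output above after the
# violation; the Fa0/11 and Fa0/13 rows are hypothetical additions.
SAMPLE = """\
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
---------------------------------------------------------------------------
     Fa0/11              1            1                  0         Shutdown
     Fa0/12              1            1                  1         Shutdown
     Fa0/13              5            2                  3         Restrict
---------------------------------------------------------------------------
"""

# One data row: port name, three counters, then the violation action.
ROW = re.compile(
    r"^\s*(?P<port>[A-Za-z]+\d+(?:/\d+)*)\s+(?P<max>\d+)\s+(?P<current>\d+)"
    r"\s+(?P<violations>\d+)\s+(?P<action>[A-Za-z]+)\s*$"
)

def parse_port_security(text):
    """Return one dict per secure port; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            row = m.groupdict()
            for key in ("max", "current", "violations"):
                row[key] = int(row[key])
            rows.append(row)
    return rows

def audit(rows, expected_max=1, expected_action="Shutdown"):
    """Flag ports that recorded violations or drift from the lab's policy."""
    findings = []
    for r in rows:
        if r["violations"] > 0:
            findings.append((r["port"], f"{r['violations']} violation(s) recorded"))
        if r["max"] > expected_max:
            findings.append((r["port"], f"maximum is {r['max']}, expected {expected_max}"))
        if r["action"].lower() != expected_action.lower():
            findings.append((r["port"], f"action is {r['action']}, expected {expected_action}"))
    return findings

if __name__ == "__main__":
    for port, issue in audit(parse_port_security(SAMPLE)):
        print(f"{port}: {issue}")
```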