Port security is a feature supported on Cisco Catalyst switches that restricts a switch port to a specific set and/or number of MAC addresses. Those addresses can be learned dynamically or configured statically. The port will then provide access to frames from only those addresses. If, however, the number of addresses is limited to four, but no specific MAC addresses are configured, then the port will allow any four MAC addresses to be learned dynamically and port access will then be limited to those four dynamically learned addresses.

There is a port security feature called "sticky learning" available on some switch platforms that combines the features of dynamically learned and statically configured addresses. When configured on an interface, the interface converts dynamically learned addresses to "sticky secure" addresses. This adds them to the running-configuration as if they were configured using the switchport port-security mac-address command.

Scenario

Let us suppose that we have five individuals whose laptops would be allowed to connect to a specific switch port when they visit an area of the building. We want to restrict switch port access to the MAC addresses of those five laptops only and allow no addresses to be learned dynamically on that port.

Process
Here is the process that can achieve the desired results
for this scenario.

NOTE: Port security cannot be applied to trunk ports where addresses might change frequently. Implementations of port security vary by Catalyst platform. Check documentation to see if and how particular hardware supports this feature.
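
One configuration that meets the scenario's requirements, shown as an added example that is not taken from the original page. The interface name FastEthernet0/1 and the five MAC addresses are constructed placeholders, and exact syntax may differ by Catalyst platform.

```cisco
! Added example: interface name and MAC addresses are constructed placeholders.
configure terminal
interface FastEthernet0/1
 ! Port security is applied to an access port, not a trunk
 switchport mode access
 ! Enable port security on the interface
 switchport port-security
 ! Raise the limit from the default of 1 to exactly the number of laptops
 switchport port-security maximum 5
 ! Statically configure the five permitted laptop addresses
 switchport port-security mac-address 0000.1111.000a
 switchport port-security mac-address 0000.1111.000b
 switchport port-security mac-address 0000.1111.000c
 switchport port-security mac-address 0000.1111.000d
 switchport port-security mac-address 0000.1111.000e
 ! Make the default violation action explicit: err-disable the port
 switchport port-security violation shutdown
 end
! Confirm the limit, the violation mode and the secure address table
show port-security interface FastEthernet0/1
show port-security address
```

Because the maximum equals the number of statically configured addresses, the secure address table is already full and the port has no room to learn a sixth address dynamically.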