Adding an authorized device to a port

To simply add a device (MAC address) to a port’s existing Authorized Addresses list, enter the port number with the mac-address parameter and the device’s MAC address. This assumes that Learn Mode is set to static and that the Authorized Addresses list is not full (as determined by the current Address Limit value). For example, suppose port A1 allows two authorized devices, but has only one device in its Authorized Addresses list:

[Figure: Adding an authorized device to a port]

With the above configuration for port A1, the following command adds the 0c0090-456456 MAC address as the second authorized address.

switch(config)# port-security a1 mac-address 0c0090-456456

After executing the above command, the security configuration for port A1 would be:

[Figure: Adding a second authorized device to a port]

(The message Inconsistent value appears if adding the new MAC address would exceed the current Address Limit, or if the address specifies a device that is already on the list. Note that if you change a port from static to continuous learn mode, the port retains in memory any authorized addresses it had while in static mode. If you subsequently attempt to convert the port back to static mode with the same authorized address(es), the Inconsistent value message appears because the port already has the address(es) in its “Authorized” list.)

If you are adding a device (MAC address) to a port on which the Authorized Addresses list is already full (as controlled by the port’s current Address Limit setting), then you must increase the Address Limit in order to add the device, even if you want to replace one device with another. Using the CLI, you can simultaneously increase the limit and add the MAC address with a single command. For example, suppose port A1 allows one authorized device and already has a device listed:

Port security on port A1 with an address limit of “1”

switch(config)# show port-security 1
 Port Security

 Port : 1
 Learn Mode [Continuous] : Static          Address Limit [1] : 2
 Action [None] : None
 Eavesdrop Prevention [Enabled] : Enabled

 Authorized Addresses
 --------------------
 0c0090-123456
 0c0090-456456

To add a second authorized device to port A1, execute a port-security command for port A1 that raises the address limit to 2 and specifies the additional device’s MAC address. For example:

switch(config)# port-security a1 mac-address 0c0090-456456 address-limit 2
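
A pre-change check for the two cases above, as an added example that is not part of the original documentation: it parses show port-security output and returns the command to enter, refusing when the switch would answer Inconsistent value. The function names and the sample listing are constructed for illustration, and the parser assumes the field layout shown on this page.

```python
import re

# Constructed sample of "show port-security" output, modeled on this page's listing.
SAMPLE = """\
 Port Security

 Port : A1
 Learn Mode [Continuous] : Static          Address Limit [1] : 1
 Action [None] : None
 Eavesdrop Prevention [Enabled] : Enabled

 Authorized Addresses
 --------------------
 0c0090-123456
"""

MAC_RE = re.compile(r"[0-9a-f]{6}-[0-9a-f]{6}")


def parse_port_security(text):
    """Extract port, learn mode, address limit and authorized MACs."""
    def field(pattern):
        return re.search(pattern, text, re.MULTILINE).group(1)
    return {
        "port": field(r"^\s*Port\s*:\s*(\S+)"),
        "learn_mode": field(r"Learn Mode \[[^\]]*\]\s*:\s*(\S+)"),
        "limit": int(field(r"Address Limit \[[^\]]*\]\s*:\s*(\d+)")),
        "macs": [l.strip().lower() for l in text.splitlines()
                 if MAC_RE.fullmatch(l.strip().lower())],
    }


def plan_add(text, new_mac):
    """Return the port-security command to add new_mac, or raise ValueError."""
    cfg, mac = parse_port_security(text), new_mac.strip().lower()
    if not MAC_RE.fullmatch(mac):
        raise ValueError(f"not in xxxxxx-xxxxxx form: {new_mac!r}")
    if cfg["learn_mode"].lower() != "static":
        raise ValueError("Learn Mode is not static")
    if mac in cfg["macs"]:
        raise ValueError("already authorized (switch reports Inconsistent value)")
    cmd = f"port-security {cfg['port'].lower()} mac-address {mac}"
    if len(cfg["macs"]) >= cfg["limit"]:
        # List is full: set the limit to the current count plus one, no higher.
        cmd += f" address-limit {len(cfg['macs']) + 1}"
    return cmd


if __name__ == "__main__":
    print(plan_add(SAMPLE, "0c0090-456456"))
```

Raising the limit only to the current count plus one keeps the port from accepting more devices than the change was meant to authorize.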