Port Security and Storm Control on Managed Switches


You can use port security with dynamically learned and static MAC addresses to restrict a port’s ingress traffic by limiting the MAC addresses that are allowed to send traffic into the port. When you assign secure MAC addresses to a secure port, the port does not forward ingress traffic that has source addresses outside the group of defined addresses. If you limit the number of secure MAC addresses to one and assign a single secure MAC address, the device attached to that port has the full bandwidth of the port.

A security violation occurs in either of these situations:

  1. When the maximum number of secure MAC addresses is reached on a secure port and the source MAC address of the ingress traffic is different from any of the identified secure MAC addresses, port security applies the configured violation mode.
  2. If traffic with a secure MAC address that is configured or learned on one secure port attempts to access another secure port in the same VLAN, port security applies the configured violation mode.

Refer to the link below for configuration details:

Cisco Port Security Configuration

Port Security with Sticky MAC Addresses

Port security with sticky MAC addresses provides many of the same benefits as port security with static MAC addresses, but sticky MAC addresses can be learned dynamically. Port security with sticky MAC addresses retains dynamically learned MAC addresses during a link-down condition.



The storm-control command is very useful on all switch ports: it lets you set limits for broadcast and multicast traffic. When those limits are exceeded, traffic of that type is blocked on the interface until the storm has passed.

There are a couple of reasons why you may encounter large amounts of multicast or broadcast traffic on a LAN:

  1. There are lots of Multicast/Broadcast applications
  2. There is a bridging loop
  3. A device is malfunctioning and spamming the network

So why is storm control useful?

The major advantage of storm control shows up when there is a bridging loop. Typically it is broadcast and multicast traffic that takes the network down, because it gets forwarded perpetually.

With storm control the damage is limited, hopefully enough to allow LAN access to continue with reduced performance. It may not keep the users happy but it should allow you to remotely troubleshoot the network.

Refer to the link below for storm control configuration:

Storm Control configuration
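
A Cisco IOS access-port configuration that combines sticky port security with storm control as described above. This is an added example, not taken from the original page or the linked Cisco guides; the interface name, VLAN number and threshold percentages are assumed values.

```cisco
! Constructed example: interface, VLAN and thresholds are assumptions.
configure terminal
interface GigabitEthernet0/1
 description User access port (single workstation)
 ! Port security requires a static access (or trunk) port.
 switchport mode access
 switchport access vlan 10
 !
 ! Port security: enable it, then allow exactly one secure MAC address.
 switchport port-security
 switchport port-security maximum 1
 ! Learn the address dynamically and keep it as a sticky entry,
 ! so it is retained through a link-down condition.
 switchport port-security mac-address sticky
 ! Violation mode applied in both violation situations:
 !   protect  - drop offending frames silently
 !   restrict - drop, increment the violation counter, log the event
 !   shutdown - err-disable the port (the default)
 switchport port-security violation restrict
 !
 ! Storm control: thresholds are a percentage of the port bandwidth.
 storm-control broadcast level 20.00
 storm-control multicast level 10.00
 ! Default behaviour filters the excess traffic; 'trap' also sends
 ! an SNMP trap so the storm is visible to monitoring.
 storm-control action trap
end
!
! Sticky entries are written to the running configuration only;
! save it so they also survive a reload.
copy running-config startup-config
!
! Verify the result from privileged EXEC mode.
show port-security interface GigabitEthernet0/1
show port-security address
show storm-control GigabitEthernet0/1 broadcast
```

Set the thresholds above the port's normal peak broadcast and multicast load, otherwise legitimate traffic is blocked along with the storm.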





