Adding an Authorized Device to a Port
To simply add a device (MAC address) to a port’s existing Authorized Addresses list, enter the port number with the mac-address parameter and the device’s MAC address. This assumes that Learn Mode is set to static and the Authorized Addresses list is not full (as determined by the current Address Limit value). For example, suppose port A1 allows two authorized devices, but has only one device in its Authorized Address list:
With the above configuration for port A1, the following command adds the 0c0090-456456 MAC address as the second authorized address.
switch(config)# port-security a1 mac-address 0c0090- 456456
After executing the above command, the security
configuration for port A1 would be:
(The message Inconsistent value appears if the new MAC address
exceeds the current Address Limit or specifies a device that is already
on the list. Note that if you change a port from static to continuous
learn mode, the port retains in memory any authorized addresses it
had while in static mode. If you subsequently attempt to convert the
port back to static mode with the same authorized addresses, the Inconsistent
value message appears because the port already has the addresses in
its “Authorized” list.) If you are adding a device (MAC address) to
a port on which the Authorized Addresses list is already full (as
controlled by the port’s current Address Limit setting), then you
must increase the Address Limit in order to add the device, even if
you want to replace one device with another. Using the CLI, you can
simultaneously increase the limit and add the MAC address with a single
command. For example, suppose port A1 allows one authorized device
and already has a device listed:
To add a second authorized device to port A1, execute a port-security
command for port A1 that raises the address limit to 2 and specifies
the additional device’s MAC address. For example:
switch(config)# port-security a1 mac-address 0c0090- 456456 address-limit 2