Cisco ACI Port Security – Summary
Purpose:
Controls the number of MAC addresses that can be learned on an interface to
prevent unauthorized access and MAC flooding.
⚙️ Key Features
- MAC Limit: Set a maximum number of MAC addresses
per interface (0–12000).
- Protect Mode: Only supported violation action.
- Excess MAC addresses are dropped.
- MAC learning is disabled temporarily.
- Learning resumes after a timeout
(default: 60 seconds).
- Supported Interfaces: Physical ports, port channels, and vPCs.
- Monitoring: Faults and syslogs are generated when
limits are exceeded.
🚫 Restrictions
- Not supported on Fabric Extender
(FEX) ports.
- Only MAC address limits are enforced (not MAC+IP).
🛠️ Configuration Path in APIC GUI
- Fabric → Access Policies → Interface
Policies → Port Security
- Create and attach the policy to an Interface
Policy Group
- Bind the group to a Switch Profile
