Port Security
Overview
The port security feature limits which devices can connect to a switch port at layer 2.
Violation Mode
Mode | Description |
---|---|
Shutdown | The port is immediately put into the errdisable state, which effectively shuts it down. It must be re-enabled manually or through errdisable recovery to be used again. |
Restrict | The port is allowed to stay up, but all packets from violating MAC addresses are dropped. The switch keeps a running count of the number of violating packets and can send an SNMP trap and a syslog message as an alert of the violation. |
Protect | The port is allowed to stay up, as in the restrict mode. Although packets from violating addresses are dropped, no record of the violation is kept. |
Example
R1(config-if)# switchport port-security
R1(config-if)# switchport port-security maximum max-addr
R1(config-if)# switchport port-security mac-address mac-addr
R1(config-if)# switchport port-security mac-address sticky
R1(config-if)# switchport port-security violation {protect | restrict | shutdown}
R1# show interface status err-disabled
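
The restrict and shutdown modes above leave evidence in syslog, so violations can be summarized per port from a log collector. The following is an added example, not part of the original page: the log lines are constructed, and the message formats (`%PORT_SECURITY-2-PSECURE_VIOLATION`, `%PM-4-ERR_DISABLE`) are assumed to match what your IOS platform emits.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not taken from a real device).
SAMPLE_LOG = """\
Mar  1 00:10:01: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4455 on port FastEthernet0/1.
Mar  1 00:10:02: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4455 on port FastEthernet0/1.
Mar  1 00:10:05: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 00aa.bbcc.ddee on port FastEthernet0/2.
Mar  1 00:10:05: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/2, putting Fa0/2 in err-disable state
Mar  1 00:11:00: %LINK-3-UPDOWN: Interface FastEthernet0/2, changed state to down
"""

VIOLATION = re.compile(
    r"%PORT_SECURITY-2-PSECURE_VIOLATION:.*?MAC address ([0-9a-fA-F.]+) on port (\S+?)\.?$")
ERR_DISABLE = re.compile(r"%PM-4-ERR_DISABLE: psecure-violation error detected on (\S+),")
LONG_NAMES = ("FastEthernet", "GigabitEthernet", "TenGigabitEthernet")


def normalize_port(name):
    """Expand short interface names (Fa0/2) so both message types share one key."""
    m = re.match(r"([A-Za-z]+)(\d.*)", name)
    if not m:
        return name
    prefix, rest = m.groups()
    for long_name in LONG_NAMES:
        if long_name.lower().startswith(prefix.lower()):
            return long_name + rest
    return name


def summarize(log_text):
    """Return {port: {"macs": Counter, "err_disabled": bool}} from syslog text.

    Protect mode never appears here: it drops frames without logging them.
    """
    ports = {}
    for line in log_text.splitlines():
        hit = VIOLATION.search(line)
        if hit:
            port = normalize_port(hit.group(2))
            entry = ports.setdefault(port, {"macs": Counter(), "err_disabled": False})
            entry["macs"][hit.group(1).lower()] += 1
            continue
        hit = ERR_DISABLE.search(line)
        if hit:
            port = normalize_port(hit.group(1))
            entry = ports.setdefault(port, {"macs": Counter(), "err_disabled": False})
            entry["err_disabled"] = True  # shutdown mode: needs manual or timed recovery
    return ports


if __name__ == "__main__":
    for port, info in sorted(summarize(SAMPLE_LOG).items()):
        print(port, dict(info["macs"]), "err-disabled" if info["err_disabled"] else "up")
```

A port that shows violations but no err-disable entry is running in restrict mode; one with the err-disable entry should also appear in the `show interface status err-disabled` output.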