Switch Port Security limits the number of valid MAC addresses allowed on a port, effectively preventing unauthorized devices from joining the network.
Violation Modes
- Protect: Drops frames from unknown MACs and sends no syslog message.
- Restrict: Drops frames, sends a syslog message, and increments the violation counter.
- Shutdown (Default): Error-disables the port entirely and sends a syslog message.
Sticky MAC Addresses
Instead of manually typing out MAC addresses, you can use the "sticky" feature to have the switch dynamically learn the first MAC address it sees and write it to the running-config.
Switch(config-if)# switchport port-security mac-address sticky
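Added example (not from the original page): a small Python audit that reads a running-config and reports, per interface, whether port security is enabled, which violation mode applies (Shutdown when none is configured), and which sticky addresses the switch has written out. The config excerpt, interface names and MAC address are constructed, and the function names are hypothetical.

```python
# Constructed sample running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport port-security
 switchport port-security violation restrict
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0011.2233.4455
!
interface FastEthernet0/2
 switchport port-security
 switchport port-security violation protect
!
interface FastEthernet0/3
 switchport mode access
"""
PS = "switchport port-security"

def audit_port_security(config):
    """Return {interface: settings} for every interface stanza in the config."""
    ports, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            # Shutdown is the default violation mode when none is configured.
            current = {"enabled": False, "violation": "shutdown",
                       "sticky": False, "sticky_macs": []}
            ports[raw.split(None, 1)[1].strip()] = current
        elif not raw.startswith(" "):
            current = None  # "!" or a global command ends the stanza
        elif current is not None and raw.strip().startswith(PS):
            rest = raw.strip()[len(PS):].split()
            if not rest:
                current["enabled"] = True
            elif rest[0] == "violation" and len(rest) == 2:
                current["violation"] = rest[1].lower()
            elif rest[:2] == ["mac-address", "sticky"]:
                current["sticky"] = True
                current["sticky_macs"] += [m.lower() for m in rest[2:3]]  # learned MAC, if present
    return ports

def findings(ports):
    """Flag ports that are unprotected or that drop frames without logging."""
    out = [(n, "port security not enabled") for n, p in ports.items() if not p["enabled"]]
    out += [(n, "protect mode: violations are not logged to syslog")
            for n, p in ports.items() if p["enabled"] and p["violation"] == "protect"]
    return out

if __name__ == "__main__":
    print(findings(audit_port_security(SAMPLE_CONFIG)))
```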