Port Security

What is Port Security

Port Security is a network switch security feature that allows only specific or limited MAC addresses to connect to a switch port and blocks or disables the port when an unauthorized device tries to access the network, helping to protect the LAN from unknown devices and security threats.

Port Security – Examples

Example 1 (Office Network)

In a company office, Port 5 of a switch is assigned to a desktop computer with MAC address 00:1A:2B:3C:4D:5E. Port Security is enabled so only this device can use the port. If another laptop is connected to Port 5, the switch detects a different MAC address and blocks the connection or shuts down the port.


Example 2 (School Lab)

In a computer lab, each switch port is configured with Port Security to allow only one PC per port. If a student tries to connect a personal laptop or switch to the same port, the network blocks it, preventing unauthorized access and maintaining control over the lab network.


Example 3 (Server Room)

A server is connected to a switch port with Port Security enabled. Only the server’s MAC address is allowed. If someone tries to connect another device to that port, the switch immediately disables the port to protect important business data and services.

1. Definition

Port Security is a security feature available on managed network switches that controls which devices are allowed to connect to a specific switch port. It works mainly by checking the MAC address of connected devices. The network administrator can configure the switch port to accept only approved MAC addresses or limit how many devices can connect to that port. This prevents unknown or unauthorized devices from joining the network.

2. How Port Security Works

When a device connects to a secured switch port, the switch reads the device’s MAC address and compares it with the allowed MAC address list configured on that port. If the MAC address matches, the device is allowed to communicate on the network. If the MAC address is unknown or exceeds the allowed device limit, the switch treats it as a security violation and takes action based on configuration.

3. Violation Actions

If an unauthorized device connects, the switch can respond in different ways. In Protect mode, the switch silently drops traffic from the unauthorized device. In Restrict mode, the switch drops traffic and also records logs or sends alerts to the administrator. In Shutdown mode, the switch completely disables the port until the administrator manually enables it again. Shutdown mode is commonly used for stronger security.

4. Why Port Security Is Needed

Port Security is important because it protects the network from unauthorized access. Without it, any person could connect a laptop, switch, or unknown device to an office network port and gain access to internal resources. Port Security also helps prevent MAC flooding attacks, where attackers try to overload the switch MAC table to intercept traffic. It improves control over who and what can connect to the network.

5. Real Example

Suppose a company office PC with MAC address 00:1A:2B:3C:4D:5E is connected to Switch Port 5. The administrator configures Port Security to allow only that MAC address on that port. Later, if someone disconnects that PC and connects an unauthorized laptop, the switch detects a different MAC address and blocks communication or shuts down the port. This prevents unauthorized network access.

6. Where It Is Used

Port Security is mostly used on access ports, where end devices such as computers, printers, IP phones, and office workstations connect. It is commonly used in company offices, schools, banks, hospitals, and enterprise networks where network access must be controlled for security reasons.

7. Benefits

Port Security improves LAN security, blocks unauthorized devices, limits the number of connected devices per port, protects against certain network attacks, and gives network administrators better control over switch port access. It is a simple but effective security feature for wired networks.

Port Security Example

1. Company Office Setup

In a company office network, each employee desk is connected to a managed switch port. Suppose Port 10 of the switch is assigned to one employee’s desktop computer. The network administrator enables Port Security on that port so that only the authorized office desktop can use that network connection. This helps ensure that only approved company devices can access the internal network.

2. Allowed Device Configuration

The administrator configures Port Security with the desktop computer’s MAC address, for example 00:1A:2B:3C:4D:5E, and sets the maximum allowed device count to one. This means only that specific computer is permitted to connect on Port 10. If the correct device is connected, the switch recognizes the MAC address and allows normal communication.

3. Normal Network Operation

When the authorized office desktop is connected to Port 10, it can access company resources normally. The employee can connect to servers, use printers, browse the internet, and access internal applications because the switch verifies that the MAC address matches the allowed configuration. The port remains active and traffic flows normally.

4. Unauthorized Device Connection

Later, if someone disconnects the office desktop and connects a personal laptop or unknown device to the same port, the switch reads the new MAC address. Since that MAC address is not in the allowed list, the switch detects it as a Port Security violation. This immediately triggers the security action configured on that port.

5. Switch Response

Depending on Port Security settings, the switch may block traffic silently, send an alert, or completely shut down the port. In many office networks, Shutdown mode is used for stronger protection. In this case, Port 10 becomes disabled, and the unauthorized device receives no network access until the administrator manually enables the port again.

6. Real Business Benefit

This protects the company network from unauthorized employee devices, visitor laptops, rogue switches, and accidental connections. It ensures that only approved company systems can use network ports, improving wired network security and helping administrators maintain better access control across the office LAN.

Port Security Modes

1. Protect Mode

In Protect mode, when an unauthorized device connects to the switch port, the switch simply drops traffic from that device. The unauthorized device cannot communicate on the network, but the port remains active for authorized devices. No alert or log message is usually generated. This mode provides basic protection without shutting down the port.

Example:
Allowed MAC = 00:1A:2B:3C:4D:5E
Unknown laptop connects → traffic blocked → port stays ON.


2. Restrict Mode

In Restrict mode, the switch blocks traffic from the unauthorized device just like Protect mode, but it also records the violation in logs and may send an alert (such as SNMP trap/syslog) to the network administrator. The port remains active for authorized devices, making it useful when administrators want security monitoring without port shutdown.

Example:
Unknown device connects → traffic blocked + alert sent to admin → port stays ON.


3. Shutdown Mode

In Shutdown mode, when an unauthorized device connects, the switch treats it as a serious security violation and disables the port completely. The port enters an error-disabled (err-disable) state and stops all communication until an administrator manually enables it again or automatic recovery is configured. This is the most secure mode and is commonly used in enterprise networks.

Example:
Unknown laptop connects → violation detected → Port 10 shuts down → no network access.

What is Port Security Sticky and Manual MAC

1. Manual Secure MAC Address Entry

In Manual Port Security mode, the network administrator manually configures the MAC address that is allowed on a specific switch port. The switch stores this MAC address as a secure address, and only that approved device can use the port. If another device with a different MAC address connects to that port, the switch detects it as a Port Security violation and blocks traffic, sends an alert, or shuts down the port depending on the configured security mode. Manual configuration provides strong security because access is tightly controlled by the administrator.

Example: A company desktop computer with MAC address 00:1A:2B:3C:4D:5E is manually configured on Port 10. When that desktop connects, network access is allowed. If someone connects a different laptop with another MAC address, the switch blocks access or disables the port.

2. Sticky Secure MAC Address Automatically

In Sticky Port Security mode, the switch automatically learns the MAC address of the first device connected to the port and saves it as a secure MAC address. After learning that address, the switch allows only that device to use the port. If another device with a different MAC address is connected later, it is treated as an unauthorized device and Port Security action is triggered. Sticky mode reduces manual configuration work because administrators do not need to enter MAC addresses one by one, making it useful in large networks.

Example: A new office PC connects to Port 15 with MAC address AA:BB:CC:DD:EE:FF. The switch automatically learns and stores that MAC address. Later, if another laptop is connected to Port 15, the switch detects the MAC mismatch and blocks the connection.

3. Difference Between Manual and Sticky

The main difference is how the secure MAC address is learned. In Manual mode, the administrator manually enters the allowed MAC address in the switch configuration. In Sticky mode, the switch automatically learns and stores the MAC address of the connected device. Manual mode gives more control and stronger planned security, while Sticky mode makes deployment easier and faster in environments with many devices.

4. Where They Are Used

Manual Port Security is commonly used for fixed devices such as office desktops, servers, printers, and important systems where the administrator wants strict access control. Sticky Port Security is often used in larger office networks where many access ports must be secured quickly, because the switch can automatically learn device MAC addresses without manual entry. Both methods improve switch port security and help prevent unauthorized devices from joining the network.
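The behaviour described in the violation-mode and manual/sticky sections above, as an added Python model (it is not code from the page or from any switch vendor): one secured port with a maximum count, static or sticky learning and the three violation actions. Port names, MAC addresses and log strings are constructed for the illustration.

```python
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    """Constructed model of one secured access port (not vendor code)."""
    name: str
    maximum: int = 1                  # Cisco IOS default is one secure address
    violation: str = "shutdown"       # protect | restrict | shutdown (default)
    sticky: bool = False
    secure: dict = field(default_factory=dict)  # mac -> static|sticky|dynamic
    err_disabled: bool = False
    violation_count: int = 0
    log: list = field(default_factory=list)

    def add_static(self, mac: str) -> None:
        """Manual entry: switchport port-security mac-address H.H.H"""
        if len(self.secure) >= self.maximum:
            raise ValueError(f"{self.name}: maximum of {self.maximum} reached")
        self.secure[mac.lower()] = "static"

    def receive(self, src_mac: str) -> str:
        """Handle one ingress frame and return what the switch does with it."""
        mac = src_mac.lower()
        if self.err_disabled:
            return "dropped (port err-disabled)"
        if mac in self.secure:
            return "forwarded"
        if len(self.secure) < self.maximum:
            # Room left: learn the address as sticky or as a dynamic secure MAC
            self.secure[mac] = "sticky" if self.sticky else "dynamic"
            return f"forwarded ({self.secure[mac]} learned)"
        return self._violation(mac)

    def _violation(self, mac: str) -> str:
        self.violation_count += 1
        if self.violation == "protect":
            return "dropped (protect)"          # silent drop, nothing logged
        if self.violation == "restrict":
            self.log.append(f"{self.name}: violation by {mac}")  # constructed
            return "dropped (restrict, logged)"
        self.err_disabled = True                # shutdown: the whole port goes down
        self.log.append(f"{self.name}: err-disabled (psecure-violation)")
        return "err-disabled (shutdown)"

    def persistent_macs(self) -> list:
        """Addresses written into the configuration (static and sticky), which
        survive a reload once saved; dynamically learned entries do not."""
        return sorted(m for m, kind in self.secure.items() if kind != "dynamic")


def demo() -> dict:
    """Run the office scenario from the text through all three modes."""
    results = {}
    for mode in ("protect", "restrict", "shutdown"):
        port = SecurePort("Fa0/10", violation=mode)
        port.add_static("00:1A:2B:3C:4D:5E")              # the office desktop
        results[mode] = [port.receive("00:1A:2B:3C:4D:5E"),
                         port.receive("AA:BB:CC:DD:EE:01"),  # unknown laptop
                         port.receive("00:1A:2B:3C:4D:5E")]  # desktop again
    return results


if __name__ == "__main__":
    for mode, outcome in demo().items():
        print(f"{mode:9s} {outcome}")
```

Note that in shutdown mode the authorized desktop is also cut off once the port is err-disabled, which is why that mode needs a manual or timed recovery.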

Why Port Security Is Needed in a Company Network

  • In a company network, port security is needed to protect the network from unauthorized devices and internal attacks. When port security is enabled on a switch (for example on devices running Cisco IOS), the administrator can limit which MAC addresses are allowed to connect to each switch port. This ensures that only approved computers or devices can access the company network. It also helps control how many devices can connect to a port, which improves overall network security and management.
  • Without port security, several problems can occur in a company network. Any person could plug a laptop or unauthorized device into an open switch port and gain access to internal resources such as files, printers, or servers. Attackers may also perform MAC flooding attacks, which can overload the switch’s MAC address table and allow them to capture network traffic. Additionally, employees might connect personal devices that introduce malware or cause network misuse. Because of these risks, companies use port security to prevent unauthorized access, protect sensitive data, and maintain stable network performance.

Frequently Asked Questions

Q1. Why is port security important?

Because switch ports in Ethernet LANs are open by default, several attacks are possible, such as Layer 2 DoS attacks and address spoofing. Port security is an effective means of securing a network by preventing unauthorized devices from forwarding packets. With port security you can limit the number of MAC addresses on a port, configure static MAC addresses, and penalize unauthorized users.

Q2. What layer is port security?

Port security is a Layer 2 security feature that may be implemented on each port of a switch. Its purpose is to filter incoming frames based on the media access control (MAC) addresses of the devices that are connected to the switch.

Q3. What are the 3 types of port security?

There are mainly 3 types of port security violations. These are:

  • Shutdown
  • Protect
  • Restrict

When the switch’s port security violation feature is on, each port may be set to use one of three violation modes, each defining the actions to be taken in the event of a security violation.

Q4. What are the methods of port security?

Mainly there are two methods of port security. These are:

  • Static
  • Dynamic

These two methods can be used individually or together.

Port Security Configuration in Cisco Switch

There is a security saying – “The network is only as strong as its weakest link.” On a campus LAN, the weakest part is often not the core or the internet edge but the access layer. Anyone can plug a cable into the wall jack leading to the access switch. And the switch, by default, will forward traffic for whatever device shows up—PC, printer, or a rogue laptop.

Why do we need port security?

Access switches live at the edge, where humans and devices connect. That edge is the most dynamic layer of the network. People move desks. Contractors and suppliers visit. IP phones sit between PCs and switches. Printers get swapped and so on. It is one of the network’s weakest layers. Let’s consider the following example.

Imagine an open office space with desks everywhere. What stops someone with access to the office from unplugging a device at an empty desk and plugging their rogue device into the wall jack, as shown in the diagram?

				
Port security is not accepted on a port whose switchport mode is still dynamic (DTP-negotiated):

    Switch# configure terminal
    Enter configuration commands, one per line.  End with CNTL/Z.
    Switch(config)# interface Ethernet0/1
    Switch(config-if)# switchport port-security
    Command rejected: Ethernet0/1 is a dynamic port.

Set the port to static access mode first, then enable port security:

    Switch(config)# interface Ethernet0/1
    Switch(config-if)# switchport mode access
    Switch(config-if)# switchport access vlan 20
    Switch(config-if)# switchport port-security
    !

The options available under switchport port-security:

    Switch(config-if)# switchport port-security ?
      aging        Port-security aging commands
      mac-address  Secure mac address
      maximum      Max secure addresses
      violation    Security violation mode
      <cr>         <cr>

Allow up to two secure MAC addresses on the port (the default maximum is 1):

    interface Ethernet0/1
     switchport mode access
     switchport access vlan 20
     switchport port-security
     switchport port-security maximum 2

Manual mode: configure the allowed MAC address statically:

    interface Ethernet0/1
     switchport access vlan 10
     switchport port-security
     switchport port-security mac-address 0011.2233.4455

Sticky mode: let the switch learn the first MAC address it sees on the port and keep it as a secure address:

    interface Ethernet0/1
     switchport access vlan 10
     switchport port-security
     switchport port-security mac-address sticky

The learned address appears in the MAC address table as a STATIC entry:

    Switch# show mac address-table interface eth0/1
              Mac Address Table
    -------------------------------------------

    Vlan    Mac Address       Type        Ports
    ----    -----------       --------    -----
      20    aabb.cc00.7000    STATIC      Et0/1
    Total Mac Addresses for this criterion: 1

It is also written into the running configuration as a sticky entry:

    Switch# show run int Et0/1
    Building configuration...

    Current configuration : 235 bytes
    !
    interface Ethernet0/1
     switchport access vlan 20
     switchport mode access
     switchport port-security
     switchport port-security mac-address sticky
     switchport port-security mac-address sticky aabb.cc00.7000
    end

Save the running configuration, otherwise the sticky addresses are lost on reload:

    Switch# copy running-config startup-config
    Destination filename [startup-config]?
    Building configuration...
    [OK]

The three violation modes:

    Switch(config-if)# switchport port-security violation ?
      protect   Security violation protect mode
      restrict  Security violation restrict mode
      shutdown  Security violation shutdown mode

Recover an err-disabled port manually with shutdown followed by no shutdown:

    Switch# configure terminal
    Enter configuration commands, one per line.  End with CNTL/Z.
    Switch(config)# interface Ethernet0/1
    Switch(config-if)# shutdown
    Switch(config-if)# no shutdown

Or let the switch recover from port-security violations automatically after 300 seconds:

    Switch# configure terminal
    Enter configuration commands, one per line.  End with CNTL/Z.
    Switch(config)# errdisable recovery cause psecure-violation
    Switch(config)# errdisable recovery interval 300

Causes for which automatic err-disable recovery can be enabled (partial listing):

    Switch(config)# errdisable recovery cause ?
      all                   Enable timer to recover from all error causes
      arp-inspection        Enable timer to recover from arp inspection error
                            disable state
      bpduguard             Enable timer to recover from BPDU Guard error
      channel-misconfig     Enable timer to recover from channel misconfig error
                            (STP)
      dhcp-rate-limit       Enable timer to recover from dhcp-rate-limit error
      dtp-flap              Enable timer to recover from dtp-flap error
      gbic-invalid          Enable timer to recover from invalid GBIC error
      inline-power          Enable timer to recover from inline-power error
      l2ptguard             Enable timer to recover from l2protocol-tunnel error
      link-flap             Enable timer to recover from link-flap error

Port Security Configuration With 5 Devices

				
    Sticky Port Security Configuration (Allow 5 Devices)
    ....................................................
    1. Enter Interface Mode
    Switch# configure terminal
    Switch(config)# interface fastEthernet 0/1

    2. Set Port as Access Port and Enable Port Security
    Switch(config-if)# switchport mode access
    Switch(config-if)# switchport port-security

    3. Set Maximum 5 Devices
    Switch(config-if)# switchport port-security maximum 5

    4. Enable Sticky MAC Learning
    Switch(config-if)# switchport port-security mac-address sticky

    5. Set Violation Mode (Example: Shutdown)
    Switch(config-if)# switchport port-security violation shutdown

    6. Save Configuration
    Switch(config-if)# end
    Switch# write memory


    Manual Port Security Configuration (5 Devices)
    ..............................................
    1. Enter Interface Mode
    Switch# configure terminal
    Switch(config)# interface fastEthernet 0/1

    2. Set Port as Access Port and Enable Port Security
    Switch(config-if)# switchport mode access
    Switch(config-if)# switchport port-security

    3. Set Maximum 5 Devices
    Switch(config-if)# switchport port-security maximum 5

    4. Manually Add Allowed MAC Addresses (5 Devices, in the dotted H.H.H format IOS expects)
    Switch(config-if)# switchport port-security mac-address 0011.2233.4401
    Switch(config-if)# switchport port-security mac-address 0011.2233.4402
    Switch(config-if)# switchport port-security mac-address 0011.2233.4403
    Switch(config-if)# switchport port-security mac-address 0011.2233.4404
    Switch(config-if)# switchport port-security mac-address 0011.2233.4405

    5. Set Violation Mode (Example: Shutdown)
    Switch(config-if)# switchport port-security violation shutdown

    6. Save Configuration
    Switch(config-if)# end
    Switch# write memory


    Port Security Show Commands
    ...........................
    1. Check Port Security Status (All Interfaces)
    Switch# show port-security

    2. Check Specific Interface Status
    Switch# show port-security interface fastEthernet 0/1

    3. Show Secure MAC Addresses
    Switch# show port-security address

    4. Show Running Configuration
    Switch# show running-config

    5. Show MAC Address Table (Helpful)
    Switch# show mac address-table

    6. Check Disabled Port Status
    Switch# show interface status

    7. Manually Recover (Reset Port)
    Switch# configure terminal
    Switch(config)# interface fastEthernet 0/1
    Switch(config-if)# shutdown
    Switch(config-if)# no shutdown

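The two configurations above, generated from a device inventory, as an added Python example (not part of the original page). It normalises MAC addresses from any common notation into the H.H.H form IOS accepts and refuses to emit more static entries than the configured maximum; the interface name and addresses used are the page's constructed ones.

```python
import re

VIOLATION_MODES = ("protect", "restrict", "shutdown")


def to_cisco_mac(mac: str) -> str:
    """Normalise 00:11:22:33:44:01, 00-11-22-33-44-01 or 0011.2233.4401 to the
    dotted H.H.H form IOS expects; IOS does not accept colon notation."""
    if re.sub(r"[0-9a-fA-F:.\-]", "", mac):
        raise ValueError(f"not a valid MAC address: {mac!r}")
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a valid MAC address: {mac!r}")
    return f"{digits[0:4]}.{digits[4:8]}.{digits[8:12]}"


def port_security_config(interface: str, macs=(), maximum=None,
                         sticky=False, violation="shutdown", vlan=None) -> list:
    """IOS configuration lines for one secured access port.

    macs     static (manual) secure addresses, in any notation
    maximum  secure addresses allowed; defaults to len(macs), at least 1
    sticky   learn whatever slots remain as sticky addresses
    """
    if violation not in VIOLATION_MODES:
        raise ValueError(f"unknown violation mode {violation!r}")
    static = sorted({to_cisco_mac(m) for m in macs})
    if maximum is None:
        maximum = max(1, len(static))
    if len(static) > maximum:
        raise ValueError(f"{len(static)} static addresses exceed maximum {maximum}")
    # Port security is only accepted on a static access port, so set the mode first
    lines = [f"interface {interface}", " switchport mode access"]
    if vlan is not None:
        lines.append(f" switchport access vlan {vlan}")
    lines += [" switchport port-security",
              f" switchport port-security maximum {maximum}",
              f" switchport port-security violation {violation}"]
    if sticky:
        lines.append(" switchport port-security mac-address sticky")
    lines += [f" switchport port-security mac-address {m}" for m in static]
    return lines


if __name__ == "__main__":
    # The five-device manual example above, fed colon-notation addresses
    print("\n".join(port_security_config(
        "FastEthernet0/1", [f"00:11:22:33:44:0{i}" for i in range(1, 6)])))
```
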

What is Port Security? 

Port Security is a switch feature that controls which devices can connect to a switch port, based on their MAC addresses. It allows only authorized devices and blocks unknown devices to improve network security.

How Does Port Security Work

A switch is a Layer 2 device that stores the MAC addresses of connected clients. To verify this, we have a lab ready; have a look at the topology given below.

We got one switch and five clients connected to this switch, and all the clients’ MAC Addresses are also mentioned on the topology.

Let’s see the output of the MAC table inside the switch using the command –

				
    Switch#show mac address-table

To see how many MAC addresses in total your switch can store in its CAM table, there is a command for that as well:

				
    Switch#show mac address-table count

By default, we know all interfaces on Cisco switches are turned on. That means that an attacker can connect to your network through another available port and potentially threaten your network. If you know which devices will be connected to which ports, you can use the Cisco security feature called port security.

By using port security, a network admin can reserve a specific MAC address with the interface, which can prevent an attacker from connecting his device. This is how you can restrict access to an interface so only authorized devices can use it. If an unauthorized device is connected, you can decide what action the switch will take, for example, discard the traffic or shut down the port and put the port in an err-disable state.

It adds an additional layer of security to the switching network.

Let’s take a scenario to understand the concept of port security in more detail –

Suppose an attacker sits inside your LAN and gains access to your switch through any unused port. Using tools available in operating systems such as Kali Linux, the attacker can send the switch many frames with fake source MAC addresses, and the switch stores each new MAC entry in its CAM table.

Suppose your switch's CAM table has room for 100 MAC entries. Using the fake frames, the attacker fills the table. Once the MAC table is completely full, the switch can no longer learn new addresses and starts behaving like a hub: frames for destinations it cannot find are flooded out of all ports, allowing the attacker to capture the traffic and see what is going on inside the network.

This is what we call a MAC table overflow attack, and preventing it is one of the jobs of Port Security.

Port Security lets you limit the number of MAC addresses allowed on an interface. You can set how many addresses a port may learn, and you can pin a port to a specific device with a static MAC entry.
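The detection side of the overflow scenario, as an added Python example that is not from the original page: parse the text of show mac address-table (the format shown earlier) and flag access ports that are sourcing more learned addresses than port-security's maximum would allow. The table below is constructed, with Et0/3 playing the flooding port.

```python
import re
from collections import Counter

# Constructed 'show mac address-table' output (not captured from a real switch).
# Et0/3 is sourcing frames from many MAC addresses, the pattern a MAC table
# overflow attempt produces; Et0/1 and Et0/2 look like normal single hosts.
SAMPLE_MAC_TABLE = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0100.0ccc.cccc    STATIC      CPU
 All    0100.0ccc.cccd    STATIC      CPU
  20    aabb.cc00.7000    STATIC      Et0/1
  20    0011.2233.4455    DYNAMIC     Et0/2
  10    0200.5e10.0001    DYNAMIC     Et0/3
  10    0200.5e10.0002    DYNAMIC     Et0/3
  10    0200.5e10.0003    DYNAMIC     Et0/3
  10    0200.5e10.0004    DYNAMIC     Et0/3
  10    0200.5e10.0005    DYNAMIC     Et0/3
Total Mac Addresses for this criterion: 9
"""

# One table row: VLAN (number or "All"), dotted MAC, type, port(s)
ROW = re.compile(
    r"^\s*(All|\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$",
    re.IGNORECASE,
)


def parse_mac_table(text: str) -> list:
    """Turn the CLI output into row dicts, skipping headers and the total line."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            vlan, mac, kind, port = m.groups()
            rows.append({"vlan": vlan, "mac": mac.lower(),
                         "type": kind.upper(), "port": port})
    return rows


def dynamic_macs_per_port(rows: list) -> Counter:
    """Dynamically learned addresses per physical port (CPU entries excluded)."""
    return Counter(r["port"] for r in rows
                   if r["type"] == "DYNAMIC" and r["port"] != "CPU")


def ports_over_limit(rows: list, max_per_port: int = 1) -> dict:
    """Ports sourcing more learned addresses than port-security's maximum would
    allow; on an access port that is the overflow signature to investigate."""
    return {p: n for p, n in dynamic_macs_per_port(rows).items()
            if n > max_per_port}


def table_fill_ratio(rows: list, capacity: int) -> float:
    """Share of the CAM table in use (compare 'show mac address-table count');
    the closer to 1.0, the closer the switch is to flooding like a hub."""
    return len([r for r in rows if r["port"] != "CPU"]) / capacity


if __name__ == "__main__":
    table = parse_mac_table(SAMPLE_MAC_TABLE)
    print("suspect ports:", ports_over_limit(table))
    print("CAM fill:", table_fill_ratio(table, capacity=100))
```

On a real switch the same check can be run against the output of show port-security address, which lists only the secure entries.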

Role of Port Security in Networking

Port security can provide several benefits for network security and performance, such as:

  • Preventing the ability of unauthorized devices to access protected network information and resources.
  • Keeping malicious software and viruses out of the network by blocking access from unapproved devices.
  • Preventing unauthorized devices from consuming bandwidth or causing congestion on the network.
  • Preventing spoofing and impersonation by unauthorized network devices.
  • The elimination of network loops and broadcast storms caused by malicious devices.

It assists network administration and troubleshooting by showing which devices are connected to which ports and detecting any topological changes or anomalies.

Key Features of Port Security

Here are some features of Port Security in Networking:

  • MAC Address Control: It can be used to control various devices using MAC Addresses.
  • Device Limitation: It lets you set a limit on the number of devices that can connect to a port.
  • Violation Action: Port security can itself respond to security violations in three ways: Protect, Restrict, and Shutdown.

Port Security Violation Types

Port security violation types are the actions that trigger a response when a device tries to connect to a switch port that is configured with port security. It has three violation parameters.

  1. Shutdown
  2. Protect
  3. Restrict

Let’s understand each port security violation in detail.

Shutdown

When any unauthorized device tries to connect to the port which is configured with port security shutdown violation, the port immediately goes into an err-disable state. This shutdown violation is also the default violation mode.

To configure shutdown – Let’s go on the switch CLI and run the following commands.

				
    Switch>enable
    Switch#configure terminal
    Switch(config)#interface fa0/1
    Switch(config-if)#switchport mode access
    Switch(config-if)#switchport port-security
    Switch(config-if)#switchport port-security mac-address 0030.A3C4.C9C7


(This statically assigns the MAC address to interface fa0/1. The next command sets the violation mode to shutdown, which is also the default.)

				
    Switch(config-if)#switchport port-security violation shutdown


To verify the port security settings on interface fa0/1, run the following command:

				
    Switch#show port-security interface fa0/1


Now, if an attacker connects to this interface, the port automatically goes into the err-disable state, which means it is shut down. To bring it back up, the administrator has to select the interface and run shutdown followed by no shutdown. While err-disabled, the interface shows:

    FastEthernet0/1 is down, line protocol is down (err-disabled)

Protect

The port is allowed to stay up. Once the port reaches its MAC address limit, it stops learning MAC addresses. Frames from violating devices are dropped, but no record of the violation is kept.

With the protect violation mode, when the attacker connects to an interface configured with it, the port stays up, but the attacker cannot communicate inside the LAN: the switch stops learning new MAC addresses on the port and drops the offending frames.

To configure port-security protect use the following commands –

				
    Switch(config-if)#switchport port-security violation protect


The sticky keyword makes the switch assign the MAC address to interface fa0/2 automatically: after this command is applied, the MAC address of the first device that sends a frame into fa0/2 sticks to that interface as a secure address.

				
    Switch>enable
    Switch#configure terminal
    Switch(config)#interface fa0/2
    Switch(config-if)#switchport mode access
    Switch(config-if)#switchport port-security
    Switch(config-if)#switchport port-security mac-address sticky


Verify the MAC entries as well –