On Cisco switches, you can restrict which PCs may use a port based on their MAC address. Port security enhances security on Cisco devices.
Let’s implement a scenario to learn more about port security:
Scenario 1: In company A, we want to configure port security to learn the MAC addresses of all PCs on the network, with each port learning a maximum of two MAC addresses. In case of a violation, ports should shut down immediately.
Port security violation has three modes:
shutdown: This is the default mode. It shuts down the interface.
protect: Allows traffic from valid MAC addresses but blocks traffic from invalid ones.
restrict: Assists with troubleshooting by keeping a count of violations.
You can define a static MAC address with this command:
In a real scenario, network administrators define auto recovery for port security. This means that, in case of a violation, a timer is enabled so that ports automatically recover from the psecure-violation disabled state:
We can also define the timer interval (in seconds) for automatic recovery:
You can use these commands to view port security:
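Scenario 1 from start to finish, as an added example that is not from the original page: it enables port security with a two-address limit and shutdown on violation, adds a static entry, turns on auto recovery, and ends with the verification commands. The interface names, the MAC address, the 600-second interval and the use of sticky learning are assumptions made for illustration.

```cisco
! Added example. Interface names, MAC address and timer value are constructed.
configure terminal
!
! Access ports facing the PCs (assumed range)
interface range FastEthernet0/1 - 24
 ! Port security is rejected on dynamic ports, so fix the mode first
 switchport mode access
 ! Turn the feature on; the lines below only tune it
 switchport port-security
 ! Scenario 1: each port learns at most two MAC addresses
 switchport port-security maximum 2
 ! Scenario 1: shut the port down on a violation (default mode, stated explicitly)
 switchport port-security violation shutdown
 ! Assumption: save learned addresses into the running config as sticky entries
 switchport port-security mac-address sticky
 exit
!
! Static MAC address on a single port (constructed address)
interface FastEthernet0/1
 switchport port-security mac-address 0011.2233.4455
 exit
!
! Auto recovery: re-enable ports disabled by a port-security violation
errdisable recovery cause psecure-violation
! Recovery timer in seconds (constructed value)
errdisable recovery interval 600
end
!
! Verification (privileged EXEC mode)
! Per-port summary: maximum, current count, violation count, action
show port-security
! Detail for one port, including port status and last source address
show port-security interface FastEthernet0/1
! Secure MAC address table with the type of each entry
show port-security address
! Which err-disable causes have recovery enabled, and the timer
show errdisable recovery
```

The static address on FastEthernet0/1 counts toward that port's limit of two, leaving room for one learned address. If the offending device is still attached when the recovery timer expires, the port comes back up and is disabled again on the next violation.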