What Does Port Security Mean in 200-301?
Quick Definition
A switch feature that limits the number of MAC addresses allowed on a port.
Full Definition
Port Security restricts which MAC addresses can send frames through a switch port, limiting the number of learned MAC addresses. When a violation occurs (unknown MAC or too many MACs), the port can be configured to: Shutdown (errdisable — default), Restrict (drop frames, log, counter), or Protect (silently drop frames). Secure MAC addresses can be configured statically or learned dynamically (sticky). Port Security applies to access ports.
CLI Command
interface GigabitEthernet0/1
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation shutdown
 switchport port-security mac-address sticky
Exam Trap — Don't Get Fooled
The default violation mode is Shutdown (errdisable). Shutdown permanently disables the port until manually re-enabled. Restrict and Protect keep the port active. Sticky MAC learning saves dynamically learned MACs to the running config.
Related 200-301 Terms
MAC Address: A 48-bit hardware identifier burned into every network interface card.
DHCP Snooping: A switch security feature that filters DHCP messages to prevent rogue DHCP servers.
Dynamic ARP Inspection (DAI): A switch security feature that validates ARP packets using the DHCP Snooping binding table to prevent ARP spoofing.
Frequently Asked Questions
How important is Port Security on the 200-301 exam?
Port Security falls under the Security domain of the 200-301 exam. Understanding it in context with related terms like MAC address and DHCP Snooping is essential for answering scenario-based questions correctly.