Quick Definition
A switch feature that limits the number of MAC addresses allowed on a port.
Port Security restricts which MAC addresses can send frames through a switch port, limiting the number of learned MAC addresses. When a violation occurs (unknown MAC or too many MACs), the port can be configured to: Shutdown (errdisable — default), Restrict (drop frames, log, counter), or Protect (silently drop frames). Secure MAC addresses can be configured statically or learned dynamically (sticky). Port Security applies to access ports.
interface GigabitEthernet0/1 switchport port-security switchport port-security maximum 2 switchport port-security violation shutdown switchport port-security mac-address sticky
The default violation mode is Shutdown (errdisable). Shutdown permanently disables the port until manually re-enabled. Restrict and Protect keep the port active. Sticky MAC learning saves dynamically learned MACs to the running config.
A 48-bit hardware identifier burned into every network interface card.
A switch security feature that filters DHCP messages to prevent rogue DHCP servers.
A switch security feature that validates ARP packets using the DHCP Snooping binding table to prevent ARP spoofing.
Port Security restricts which MAC addresses can send frames through a switch port, limiting the number of learned MAC addresses. When a violation occurs (unknown MAC or too many MACs), the port can be configured to: Shutdown (errdisable — default), Restrict (drop frames, log, counter), or Protect (silently drop frames). Secure MAC addresses can be configured statically or learned dynamically (sticky). Port Security applies to access ports.
The default violation mode is Shutdown (errdisable). Shutdown permanently disables the port until manually re-enabled. Restrict and Protect keep the port active. Sticky MAC learning saves dynamically learned MACs to the running config.
Port Security falls under the Security domain of the 200-301 exam. Understanding it in context with related terms like mac-address and dhcp-snooping is essential for answering scenario-based questions correctly.