
Port Security Explained: Locking Down Switch Ports

Port security restricts which and how many MAC addresses can use a switch port, stopping unauthorised devices and MAC-flooding attacks. When a violation occurs, the port takes one of three actions: protect, restrict or shutdown (the default).

The three violation modes

  • protect — silently drops frames from unknown MACs; nothing is logged and no counter is incremented, so violations are invisible to the operator.
  • restrict — drops frames from unknown MACs, logs the violation and increments the violation counter.
  • shutdown (default) — puts the port into the err-disabled state, so it carries no traffic at all until an administrator re-enables it.

Sticky MAC addresses

Rather than typing allowed MACs by hand, switchport port-security mac-address sticky makes the switch learn the MAC of the currently connected device and write it to the running config as a secure address. It's a practical way to lock a port to whatever is plugged in today — common in access-layer security designs, and paired with ACLs and DHCP snooping for defence in depth.

Frequently asked questions

What does port security do?

It limits which MAC addresses (and how many) may use a switch port, blocking unauthorised devices and mitigating MAC-flooding attacks.

What is the default port security violation mode?

Shutdown — the port is err-disabled on violation and must be manually re-enabled, which is the most secure default.

What is a sticky MAC address?

A MAC the switch dynamically learns and saves to its configuration, so the port stays locked to the currently connected device without manual entry.

Vipul Sir — Lead Instructor, Attila Technologies. 20+ years in Cisco networking. Teaching CCNA, CCNP, CCIE & CyberOps in Ahmedabad since 2004.
