Port Security Explained: Locking Down Switch Ports
Port security restricts which and how many MAC addresses can use a switch port, stopping unauthorised devices and MAC-flooding attacks. When a violation occurs, the port takes one of three actions: protect, restrict or shutdown (the default).
The three violation modes
- protect — silently drops frames from unknown MACs, no logging.
- restrict — drops frames and logs/increments a counter.
- shutdown (default) — err-disables the port entirely until an admin re-enables it.
Sticky MAC addresses
Rather than typing allowed MACs by hand, switchport port-security mac-address sticky makes the switch learn and save the current device's MAC to the running config. It's a practical way to lock a port to whatever is plugged in today — common in access-layer security designs, and paired with ACLs and DHCP snooping for defence in depth.
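To make the behaviour of the three violation modes and of sticky learning concrete, here is a small Python model added for this article (it is not Cisco code and not part of the original page). `SecurePort`, its `ingress()` method and the sample MAC addresses are constructed for the illustration; the only real identifier is the `switchport port-security mac-address sticky` line the sticky mode writes into the running config.

```python
"""Toy model of switch port security: MAC limit, violation modes, sticky MACs."""
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    maximum: int = 1                 # how many MACs the port may learn/allow
    violation: str = "shutdown"      # "protect" | "restrict" | "shutdown" (default)
    sticky: bool = False             # save learned MACs to the running config
    allowed: set = field(default_factory=set)        # statically configured MACs
    learned: set = field(default_factory=set)        # dynamically learned MACs
    violations: int = 0              # security violation counter
    err_disabled: bool = False
    running_config: list = field(default_factory=list)

    def ingress(self, mac: str) -> str:
        """Process one frame from `mac`; return 'forward', 'drop' or 'err-disabled'."""
        if self.err_disabled:
            return "err-disabled"          # port is down until an admin re-enables it
        if mac in self.allowed or mac in self.learned:
            return "forward"               # known MAC, always forwarded
        if len(self.allowed) + len(self.learned) < self.maximum:
            self.learned.add(mac)          # room left: learn the new MAC
            if self.sticky:
                self.running_config.append(
                    f"switchport port-security mac-address sticky {mac}")
            return "forward"
        return self._violate()             # limit reached and MAC unknown

    def _violate(self) -> str:
        if self.violation == "protect":
            return "drop"                  # silent drop, no counter, no log
        if self.violation == "restrict":
            self.violations += 1           # drop, but count (and would log/trap)
            return "drop"
        self.violations += 1               # shutdown: err-disable the whole port
        self.err_disabled = True
        return "err-disabled"

    def admin_reenable(self) -> None:
        """Operator clears the err-disabled state (shut / no shut)."""
        self.err_disabled = False


def mac_flood(port: SecurePort, count: int) -> int:
    """Send `count` frames from distinct constructed MACs; return how many were forwarded."""
    sent = (f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}" for i in range(count))
    return sum(port.ingress(m) == "forward" for m in sent)
```

Under MAC flooding only `maximum` addresses are ever learned, and the difference between the modes is whether the legitimate device keeps working (protect/restrict) or the port goes down with it (shutdown).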
Frequently asked questions
What does port security do?
It limits which MAC addresses (and how many) may use a switch port, blocking unauthorised devices and mitigating MAC-flooding attacks.
What is the default port security violation mode?
Shutdown — the port is err-disabled on violation and must be manually re-enabled, which is the most secure default.
What is a sticky MAC address?
A MAC the switch dynamically learns and saves to its configuration, so the port stays locked to the currently connected device without manual entry.
Want hands-on training?
Learn this on real Cisco lab devices with placement support at Attila Technologies, Ahmedabad.