Is this frame from a trusted Source? That is the question!
As I continue my CCNP studies, I near the end of the CCNP Switch Course. This is a topic that was covered in the CCNA, and I haven’t really touched it since, so here is a refresher.
A port enabled with port security expects to see frames sourced from a particular MAC address or group of MAC addresses. If the switch receives a frame from a MAC address it does not have listed, the port takes action according to the violation mode that is set. By default, the violation mode is to shut down the port.
Enable Port Security
*You can only enable port security on an edge port, so that means that port can never become a trunk port*
tpw-sw1(conf)# int gi0/1
tpw-sw1(config-int)# switchport mode access
tpw-sw1(config-int)# switchport access vlan 10
tpw-sw1(config-int)# switchport port-security
Confirm it is working and information gathering
tpw-sw1# show port-security
tpw-sw1# show port-security address
tpw-sw1# show port-security interface gi0/1
More Port Security options
tpw-sw1(conf)# int gi0/1
tpw-sw1(config-int)# switchport port-security ?
  aging       - Port-security aging commands
  mac-address - Secure mac address
  maximum     - Max secure addresses
  violation   - Security violation mode
tpw-sw1(config-int)# switchport port-security maximum <1-6144>
tpw-sw1(config-int)# switchport port-security violation ?
  protect  - Security violation protect mode (drops the offending frames)
  restrict - Security violation restrict mode (drops, creates log messages, but port remains active)
  shutdown - Security violation shutdown mode (default, will put the port into err-disabled (fix problem first and shut, no shut))
tpw-sw1(config-int)# switchport port-security mac-address ?
  H.H.H  - 48 bit mac address
  sticky - Configure dynamic secure addresses as sticky (dynamic addresses but kept on switch reload)
tpw-sw1(config-int)# switchport port-security aging ?
  time - Port-security aging time
  type - Port-security aging type
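To make the three violation modes concrete, here is a small Python model, added as an illustration and not taken from the original post or from Cisco. It is a simplified sketch of the behaviour described above; the class, method and MAC address names are assumptions made for the example.

```python
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    """Simplified model of one access port with port security enabled."""
    maximum: int = 1               # switchport port-security maximum
    violation: str = "shutdown"    # protect | restrict | shutdown (default)
    sticky: bool = False           # switchport port-security mac-address sticky
    secure_macs: set = field(default_factory=set)
    err_disabled: bool = False
    log: list = field(default_factory=list)

    def receive(self, src_mac: str) -> bool:
        """Return True if the frame is forwarded, False if it is dropped."""
        mac = src_mac.lower()
        if self.err_disabled:
            return False           # nothing passes until shut / no shut
        if mac in self.secure_macs:
            return True
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(mac)   # learned dynamically
            return True
        # Unknown source and the secure table is full: violation.
        if self.violation != "protect":         # protect drops silently
            self.log.append(f"violation from {mac}")
        if self.violation == "shutdown":
            self.err_disabled = True
        return False

    def shut_no_shut(self) -> None:
        self.err_disabled = False

    def reload(self) -> None:
        self.err_disabled = False
        if not self.sticky:
            self.secure_macs.clear()    # plain dynamic entries are lost

def replay(port: SecurePort, frames: list) -> list:
    return [port.receive(m) for m in frames]

# Constructed sample traffic: a known host, an unknown MAC, then the host again.
HOST, ROGUE = "0000.5e00.5301", "0000.5e00.53ff"
FRAMES = [HOST, ROGUE, HOST]

if __name__ == "__main__":
    for mode in ("protect", "restrict", "shutdown"):
        p = SecurePort(violation=mode)
        print(mode, replay(p, FRAMES), p.err_disabled, p.log)
```

In shutdown mode the legitimate host is cut off as well until the port is recovered, which is the operational trade-off against restrict.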
This is just the very basics of Port Security; there are similar implementations on all switches I have worked with.