Port security limits which MAC addresses can use a switch port. If an unauthorized MAC appears, the switch can drop, restrict, or shut the port. This stops casual "plug-anything-in" attacks at the access layer. This lab configures port security on SW1's Ethernet0/2 in the base topology.
What you will learn
- The three violation modes: protect, restrict, shutdown
- How to limit MAC count per port
- Sticky MAC learning: learn addresses dynamically, then make them persistent
- How to read `show port-security interface`
What this lab does NOT cover
- 802.1X port-based authentication (lab sec-08)
- DHCP snooping + DAI (next lab, sec-05)
Topology
Download the CCNA Base Topology .yaml
3 iol-xe routers + 1 alpine + 1 ioll2-xe managed switch + 1 unmanaged switch.
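To make the "how to read `show port-security interface`" goal concrete, the following added example (not part of the original lab) parses that output and lists what a defender should act on. The sample text is constructed, and its field layout is assumed to match what Cisco IOS typically prints; `parse_port_security` and `assess` are hypothetical helper names.

```python
import re

# Constructed sample of `show port-security interface Ethernet0/2` output.
# Field names follow the usual Cisco IOS layout (assumption); values are made up.
SAMPLE = """\
Port Security              : Enabled
Port Status                : Secure-shutdown
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1
Last Source Address:Vlan   : aabb.cc00.0200:1
Security Violation Count   : 1
"""

def parse_port_security(text):
    """Return {field name: value} from the 'Name : value' lines."""
    fields = {}
    for line in text.splitlines():
        # Require whitespace before the colon so 'Last Source Address:Vlan' stays whole.
        m = re.match(r"^(.+?)\s+:\s+(.*)$", line)
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields

def assess(fields):
    """Return a list of findings worth acting on for this port."""
    findings = []
    if fields.get("Port Security") != "Enabled":
        return ["port security is not enabled"]
    if fields.get("Violation Mode") == "Protect":
        findings.append("protect mode drops frames without logging or counting")
    if fields.get("Port Status") == "Secure-shutdown":
        findings.append("port is err-disabled after a violation")
    if int(fields.get("Security Violation Count", "0")) > 0:
        src = fields.get("Last Source Address:Vlan", "unknown")
        findings.append("violations recorded, last source " + src)
    if int(fields.get("Sticky MAC Addresses", "0")) > 0:
        findings.append("sticky MACs persist only once running-config is saved")
    return findings

if __name__ == "__main__":
    for finding in assess(parse_port_security(SAMPLE)):
        print("-", finding)
```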