Cisco Basics: Port Security

Port Security is a feature of Cisco Catalyst switches that restricts the number of MAC addresses per port. The intention is to prevent users plugging in unmanaged switches to extend the network by sharing a single port. Whilst not a perfect solution, as MAC addresses can be spoofed, it deters the average user.

When a device is connected to a switch port, the Ethernet frame is examined and the source MAC address is recorded. If a second source MAC address is detected, the switch will shut down the port to prevent multiple devices accessing the network.

Port security is enabled on a per-port basis, usually on all access ports. Enabling port security with the default options takes a single command:

Switch(config)# int fa0/1
Switch(config-if)# switchport port-security
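
When a violation shuts the port down, the switch places it in the err-disabled state and logs the event. The following is an added example, not part of the original article: it parses those syslog messages to report which ports tripped and which MAC address caused it. The sample log lines are constructed, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample lines in the shape of IOS port-security syslog messages.
SAMPLE_LOG = """\
Mar  1 00:12:41.007: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/1, putting Fa0/1 in err-disable state
Mar  1 00:12:41.011: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0050.56be.1a2b on port FastEthernet0/1.
Mar  1 00:12:42.015: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
Mar  1 03:40:02.120: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/7, putting Fa0/7 in err-disable state
Mar  1 03:40:02.124: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4455 on port FastEthernet0/7.
Mar  1 09:15:30.500: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4455 on port FastEthernet0/1.
"""

VIOLATION = re.compile(
    r"%PORT_SECURITY-2-PSECURE_VIOLATION: .*?MAC address "
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}) on port (?P<port>\S+?)\.?$",
    re.IGNORECASE)
ERR_DISABLE = re.compile(
    r"%PM-4-ERR_DISABLE: psecure-violation error detected on (?P<port>\S+),")
LONG_NAMES = {"FastEthernet": "Fa", "GigabitEthernet": "Gi"}


def short_port(name):
    """Normalise 'FastEthernet0/1' and 'Fa0/1' to the same key."""
    for long_name, short in LONG_NAMES.items():
        if name.startswith(long_name):
            return short + name[len(long_name):]
    return name


def summarise(log_text):
    """Return {port: {"macs": [...], "err_disabled": bool}} for affected ports."""
    ports = defaultdict(lambda: {"macs": set(), "err_disabled": False})
    for line in log_text.splitlines():
        line = line.strip()
        if m := VIOLATION.search(line):
            ports[short_port(m["port"])]["macs"].add(m["mac"].lower())
        elif m := ERR_DISABLE.search(line):
            ports[short_port(m["port"])]["err_disabled"] = True
    return {p: {"macs": sorted(v["macs"]), "err_disabled": v["err_disabled"]}
            for p, v in sorted(ports.items())}


def macs_on_multiple_ports(summary):
    """MACs that tripped port security on more than one port."""
    seen = defaultdict(set)
    for port, info in summary.items():
        for mac in info["macs"]:
            seen[mac].add(port)
    return {mac: sorted(p) for mac, p in seen.items() if len(p) > 1}
```

Calling `summarise(SAMPLE_LOG)` groups offending MAC addresses by port, and `macs_on_multiple_ports` highlights a device that has been moved between ports.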
