Switchport Security

Port security in networking is a feature used to restrict access to a switch port based on the MAC addresses of devices. It helps to prevent unauthorized devices from connecting to the network, thereby improving overall security. The IEEE 802.1X standard is commonly used to enforce port security by authenticating devices before granting access. Port security is important because it prevents potential security threats, such as unauthorized access, network attacks, or malicious devices that could compromise sensitive data or network performance. By controlling which devices can access the network, it adds an additional layer of defense against network breaches.

Enabling port security on a Cisco switch:

1. Enter global configuration mode:

   Switch# configure terminal

2. Select the interface you want to configure (e.g., GigabitEthernet 0/1):

   Switch(config)# interface gi0/1              

   (or interface range gi0/1 - 48 for an entire 48p switch)
3. Enable port security on the interface:

   Switch(config-if)# switchport port-security

4. Set the maximum number of allowed MAC addresses (e.g., 2):

   Switch(config-if)# switchport port-security maximum 1

5. Configure the port to shut down if a security violation occurs:

   Switch(config-if)# switchport port-security violation shutdown

6. Optionally, specify the MAC addresses that are allowed or set it to dynamically learn the addresses:

   Switch(config-if)# switchport port-security mac-address sticky

7. Finally, save the configuration to ensure the settings are persistent:

   Switch# write memory