Port security is just another way network engineers can lock down their network by using the variety of switchport security settings offered on Cisco switching equipment. This article will discuss locking down ports on Cisco switches on a layer 2 level. ACLs focus on source/destination IP addresses on the layer 3 side, while switchport security settings allow you to control which layer 2 MAC addresses are allowed to connect to a certain switch port. Learning this is key to being a successful engineer and working your way up to a CCNA.
Mac Address Tables
Just as a quick reminder, remember the sh mac address command will give you a quick summary of each switch port and any MAC addresses associated with it. If two switches are connected together, you will see all the MAC addresses from the devices connected to the other switch under the single switch-to-switch connection. You will also see a MAC address of the switch port. Generally speaking, you will only see switch port MAC addresses when switches are connected together, not when an end device is connected to a switch port.
Switch Port Security
To configure switch port security, go to global configuration mode. Use the command