📖 What is Port Security?
Port Security is a Layer 2 switch feature that limits how many MAC addresses can be learned on a specific physical port and, optionally, which addresses those may be. When a frame arrives with a source MAC that is not allowed (a new address beyond the configured maximum, or one outside the permitted set), the switch applies the configured violation action: shutting the port down or dropping the offending traffic.
"This is your primary defense against MAC flooding attacks. Be familiar with the 'violation' modes: shutdown, restrict, and protect."
📚 Certification: CompTIA Network+ Certification Exam (N10-009)
🔑 What are the Key Concepts of Port Security?
- ▸ MAC Address Limits let administrators specify the maximum number of unique source MAC addresses allowed on a port (on Cisco switches the default is one). Once the limit is reached, any further address counts as a violation, which stops a single port from being used to overflow the CAM table.
- ▸ Sticky MAC addresses are learned dynamically from the first devices seen on the port, up to the configured maximum, and written into the running configuration as if they had been typed in by hand. They survive a reload only if the running configuration is saved to startup, so the net effect is static-style control without an administrator having to look up and enter each MAC.
- ▸ The Shutdown violation mode (the default on Cisco switches) places the port in the err-disabled state on the first violation, which stops all traffic and drops the link. An administrator restores it with a shutdown followed by no shutdown on the interface, unless err-disable auto-recovery has been enabled for port-security violations.
- ▸ Restrict and Protect modes both keep the port up, drop frames from unauthorized source MACs, and keep forwarding traffic from allowed addresses. Restrict additionally generates a syslog message and SNMP trap and increments the port's violation counter, whereas Protect drops the traffic silently and leaves no record.
- ▸ Port Security operates at Layer 2, and its main job is to defeat MAC flooding: an attacker sends frames with thousands of bogus source MACs to fill the CAM table, after which the switch can no longer learn addresses and floods unicast frames out every port like a hub, exposing other hosts' traffic. With a per-port limit the flood triggers a violation after a handful of addresses instead of filling the table.
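The following Cisco IOS configuration is an added example, not part of the original page or any vendor documentation. It puts the concepts above together and also covers the exam scenarios this page lists: a static entry for a fixed device, sticky learning for a range of workstation ports, Restrict mode so violations are logged while the port stays up, and automatic recovery from a Shutdown-mode violation. The interface numbers, VLAN 10 and the printer's MAC address are assumed values; the syntax is Cisco IOS, and other vendors use different keywords.

```cisco
! Added example (not from the original page). Interface names, VLAN 10
! and the MAC address 0011.2233.4455 are assumed values.
!
! --- Port for a fixed device (e.g. a network printer): exactly one
! known address, typed in by hand. Any other source MAC err-disables
! the port (Shutdown mode, which is also the Cisco default).
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
 switchport port-security mac-address 0011.2233.4455
 exit
!
! --- Workstation ports: sticky learning of up to 2 addresses (a PC
! behind an IP phone is the usual reason for 2), and Restrict mode so
! a violation is logged and trapped but the legitimate devices keep
! working. The learned addresses appear in the running configuration as
! "switchport port-security mac-address sticky <mac>" lines.
interface range GigabitEthernet1/0/2 - 24
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
 switchport port-security mac-address sticky
 exit
!
! --- Let ports that were err-disabled by a port-security violation
! come back on their own after 5 minutes instead of waiting for a
! manual "shutdown" / "no shutdown" on the interface.
errdisable recovery cause psecure-violation
errdisable recovery interval 300
end
!
! Sticky addresses survive a reload only if the configuration is saved:
copy running-config startup-config
!
! Verification (privileged EXEC):
show port-security                                 ! per-port max, current count, violation mode
show port-security interface GigabitEthernet1/0/2  ! status, violation count, last source MAC
show port-security address                         ! the secure MAC table (static / sticky)
show interfaces status err-disabled                ! ports currently err-disabled, with cause
show errdisable recovery                           ! which causes auto-recover, and the timer
!
! When a sticky workstation is replaced, clear its old entry so the new
! device can be learned (the port does not need to be bounced):
clear port-security sticky interface GigabitEthernet1/0/2
```

Two design points worth noting: Restrict is used on user ports because an attacker plugging in a hub or rogue access point should generate a log entry without taking down the colleague's PC on the same port, while the printer port uses Shutdown because any unexpected address there is unambiguous. The err-disable recovery timer is deliberate as well: without it, a single flood attempt leaves the port dead until someone notices.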
🎯 How does Port Security appear on the N10-009 Exam?
A scenario might describe a network port that suddenly goes into an 'err-disabled' state after a user connects an unauthorized wireless router. You will be asked to identify the security feature (Port Security) and the specific violation mode being used; the err-disabled state is the signature of Shutdown mode, since Restrict and Protect leave the port up.
You may be asked to recommend a configuration that prevents unauthorized devices from connecting to a port but ensures the administrator is notified via a log message whenever a violation occurs.
Expect questions where you must choose between static MAC entries and sticky MAC learning for a deployment involving hundreds of workstations to balance security with administrative overhead.
❓ Frequently Asked Questions
What is the main difference between Port Security and 802.1X?
Port Security controls access by the source MAC address of incoming frames, which any host can change in software, so it only keeps out devices that do not present an allowed address. 802.1X is a port-based network access control standard: the switch (authenticator) blocks everything except EAP traffic until the connected device (supplicant) authenticates with credentials or a certificate against a RADIUS authentication server, so access is tied to an identity rather than to a hardware address. The two are often used together.
Why would I choose 'Restrict' over 'Protect' mode?
Use Restrict when you need visibility into violations. Both modes keep the port up and drop frames from unauthorized source MACs, but Restrict also generates a syslog message and an SNMP trap and increments the interface's violation counter, so administrators can see which port is under attack and which source MAC caused it. Protect gives no signal at all, so a rogue device could be plugged in repeatedly without anyone noticing.
Can Port Security prevent all types of MAC spoofing?
No. Port Security checks only the source MAC address of a frame, so an attacker who learns an allowed address (by sniffing the segment, or by reading it off the device they unplugged) can set that address on their own NIC and pass the check. It stops unknown MACs and too many MACs on a single port, nothing more; where identity matters, pair it with 802.1X.