One common port security scenario is to configure a static MAC address on a switchport. If the switch sees a mac address other than the configured address, a violation occurs. By default, the violation action is shutdown.You might use a configuration like this in a college computer lab. Let’s say that you have a printer on switchport fa0/14. You don’t want students to unplug that printer and gain access to the network, so you configure port security on that interface and configure the printer’s MAC address.
interface FastEthernet0/14
description lab printer
switchport access vlan 125
switchport mode access
switchport port-security
switchport port-security mac-address 0013.1a41.5434
Now imagine that one of your pesky students decides to unplug the printer and connect his laptop to the port. FAIL. 😉 Here’s the switch log:
00:54:45: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/14, putting Fa0/14 in err-disable state
00:54:45: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0013.1a41.544e on port FastEthernet0/14.
00:54:46: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/14, changed state to down
00:54:47: %LINK-3-UPDOWN: Interface FastEthernet0/14, changed state to down
As you can see, the switch operates as configured. When it sees the student’s MAC address, 0013.1a41.544e, a violation occurs and the default action is taken. The port is shut down.