One common port security scenario is to configure a static MAC address on a switchport. If the switch sees a MAC address other than the configured address, a violation occurs. By default, the violation action is shutdown. You might use a configuration like this in a college computer lab. Let’s say that you have a printer on switchport fa0/14. You don’t want students to unplug that printer and gain access to the network, so you configure port security on that interface and configure the printer’s MAC address.
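interface FastEthernet0/14
 description lab printer
 switchport access vlan 125
 switchport mode access
 ! enable port security on the interface; the static MAC below is only enforced once this is on
 switchport port-security
 switchport port-security mac-address 0013.1a41.5434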
Now imagine that one of your pesky students decides to unplug the printer and connect his laptop to the port. FAIL. 😉 Here’s the switch log:
00:54:45: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/14, putting Fa0/14 in err-disable state
00:54:45: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0013.1a41.544e on port FastEthernet0/14.
00:54:46: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/14, changed state to down
00:54:47: %LINK-3-UPDOWN: Interface FastEthernet0/14, changed state to down
As you can see, the switch operates as configured. When it sees the student’s MAC address, 0013.1a41.544e, a violation occurs and the default action is taken. The port is shut down.