Port Security: Violation Modes

This article briefly discusses Port Security: Violation Modes. The previous article discussed Port Security: Operation.

An interface can be configured for one of three violation modes, specifying the action to be taken if a violation occurs.

  • Protect – When the number of secure MAC addresses reaches the limit allowed on the port, packets with unknown source addresses are dropped until a sufficient number of secure MAC addresses are removed, or the number of maximum allowable addresses is increased. There is no notification that a security violation has occurred.
  • Restrict – When the number of secure MAC addresses reaches the limit allowed on the port, packets with unknown source addresses are dropped until a sufficient number of secure MAC addresses are removed, or the number of maximum allowable addresses is increased. In this mode, there is a notification that a security violation has occurred.
  • Shutdown – In this (default) mode, a port security violation causes the interface to immediately become error-disabled and turns off the port LED. It increments the violation counter. When a secure port is in the error-disabled state, it can be brought out of this state by entering the shutdown interface configuration mode command followed by the no shutdown command.

To change the violation mode on a switch port, use the switchport port-security violation {protect | restrict | shutdown} interface configuration mode command.
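
The following configuration is an added example, not part of the original article. It sets the restrict violation mode on an access port, verifies the result, and then shows the recovery sequence for a port that was error-disabled in shutdown mode. The interface name FastEthernet0/1 and the address limit of 2 are assumptions chosen for illustration.

```cisco
! Assumed values: interface FastEthernet0/1, maximum of 2 secure MAC addresses.
configure terminal
 interface FastEthernet0/1
  ! Port security is only accepted on a static access or trunk port,
  ! not on a port left in dynamic mode.
  switchport mode access
  ! Enable port security; the violation mode stays at shutdown until changed.
  switchport port-security
  switchport port-security maximum 2
  ! Drop frames from unknown source addresses and generate a notification.
  switchport port-security violation restrict
  end
!
! Check the configured violation mode, the port status and the
! security violation count for the interface.
show port-security interface FastEthernet0/1
!
! Recovery for a port that is error-disabled after a violation in
! shutdown mode: shutdown, then no shutdown.
configure terminal
 interface FastEthernet0/1
  shutdown
  no shutdown
  end
```

Remove the cause of the violation before re-enabling the port, otherwise the next frame from the unknown source address error-disables it again.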
