2.16. Implement basic switch security (including: port security, trunk access, management vlan other than vlan1, etc.)

So, just how do you stop someone from simply plugging a host into one of your switch ports—or worse, adding a hub, switch, or access point into the Ethernet jack in their office? By default, MAC addresses will just dynamically appear in your MAC forward/filter database. You can stop them in their tracks by using port security. Here are your options:

Switch#config t
Switch(config)#int f0/1
Switch(config-if)#switchport port-security ?
   aging           Port-security aging commands
   mac-address     Secure mac address
   maximum         Max secure addresses
   violation       Security violation mode
   <cr>

You can see clearly in the preceding output that the switchport ...

Get CCNA®: Cisco® Certified Network Associate: Fast Pass, Third Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.