2.16. Implement basic switch security (including: port security, trunk access, management vlan other than vlan1, etc.)
So, just how do you stop someone from simply plugging a host into one of your switch ports—or worse, adding a hub, switch, or access point into the Ethernet jack in their office? By default, MAC addresses will just dynamically appear in your MAC forward/filter database. You can stop them in their tracks by using port security. Here are your options:
Switch#config t Switch(config)#int f0/1 Switch(config-if)#switchport port-security ? aging Port-security aging commands mac-address Secure mac address maximum Max secure addresses violation Security violation mode <cr>
You can see clearly in the preceding output that the switchport ...