Violation Modes

There are three different violation modes that determine what the switch will do if an unauthorized frame enters an interface configured with port security.

Shutdown

Effectively shuts down the port by placing it in an err-disabled state.
Generates a Syslog and/or SNMP message when the interface is disabled.
The violation counter is set to 1 when the interface is disabled.

Restrict

The switch discards traffic from unauthorized MAC addresses.
The interface is NOT disabled.
Generates a Syslog and/or SNMP message each time an unauthorized MAC is detected.
The violation counter is incremented by 1 for each unauthorized frame.

Protect

The switch discards from unauthorized MAC addresses.
The interface is NOT disabled.
It does NOT generate Syslog/SNMP messages for unauthorized traffic.
It does NOT increment the violation counter.

PreviousEnabling Port Security NextSecure MAC Address Aging

Last updated 1 year ago