Port security

4.3 Given a scenario, apply network security features, defense techniques, and solutions

Network Access Control (NAC)

📘CompTIA Network+ (N10-009)


What Is Port Security?

Port security is a technique used to restrict access to a network by controlling the devices that are allowed to connect through a switch port.
Each network device (like a computer, printer, or VoIP phone) has a unique MAC address, and port security uses these MAC addresses to decide whether a device is allowed or blocked.

If an unknown or unauthorized MAC address tries to access the network through that port, the switch takes protective action.


Why Port Security Is Important

Port security helps protect against:

✔ Unauthorized device access

Someone connecting their own device to the network without permission.

✔ MAC spoofing

Someone trying to impersonate another device using a fake MAC address.

✔ Network attacks

Such as:

  • CAM table overflow attacks
  • Rogue devices
  • Internal network misuse

✔ LAN segmentation control

Ensures only approved devices exist on specific network segments.

For the Network+ exam, remember that port security strengthens network access control by validating devices before they can communicate.


Key Port Security Concepts (Must-Know for the Exam)

1. Allowed MAC Addresses (Static, Dynamic, Sticky)

Port security uses three types of MAC address assignments:

Static MAC Address

  • Admin manually adds a specific MAC address to a switch port.
  • Only that address is allowed.
  • Most secure but requires manual configuration.

Dynamic MAC Address

  • Switch learns the MAC address automatically when a device connects.
  • The learned MAC address is stored temporarily (not saved after reboot).

Sticky MAC Address

  • Switch learns the MAC address dynamically and stores it in the running configuration.
  • When saved, it becomes permanent.
  • Combines convenience and security.
  • Very common in enterprise networks.

Exam tip: Sticky learning is the best combination of security + ease of administration.


2. Maximum MAC Addresses per Port

Port security allows you to limit the number of devices permitted on a port.
Common uses:

  • 1 device for desktops
  • 2 devices for a VoIP phone + workstation daisy-chain
  • More devices for hubs or small office setups (rare today)

If the number of connected MAC addresses goes over the limit, the port triggers a security violation.


3. Port Security Violation Actions

When a violation occurs (unauthorized MAC or too many MACs), the switch can react in different ways.
These actions are exam must-know:

A. Protect

  • Drops packets from unauthorized MAC addresses.
  • Does NOT notify the admin.
  • Port stays active.

B. Restrict

  • Drops unauthorized packets.
  • Sends a notification/log entry.
  • Port stays active.

C. Shutdown (default mode)

  • The port goes into err-disabled state.
  • All network traffic is blocked.
  • Admin must manually re-enable the port (or use auto-recovery timers).

Exam tip:
Shutdown is the default and strongest response.
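Added example, not from the original notes: a small Python model of one switch port running port security that ties together sections 1 to 3 above (static versus dynamic/sticky learning, the maximum-MAC limit, and the protect/restrict/shutdown actions). SecurePort, receive, reboot and demo are assumed names for illustration, not any switch vendor's API; the MAC addresses are constructed.

```python
# Added example, not from the original notes: a model of one switch port running
# port security. Class and method names are assumptions, not a vendor API.
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    maximum: int = 1               # maximum MAC addresses allowed on the port
    violation: str = "shutdown"    # "protect", "restrict" or "shutdown" (default)
    sticky: bool = False           # True: learned MACs are written to the config
    static: set = field(default_factory=set)    # admin-configured MACs
    learned: set = field(default_factory=set)   # dynamically learned MACs
    err_disabled: bool = False
    log: list = field(default_factory=list)     # notifications (restrict/shutdown)

    def receive(self, src_mac: str) -> bool:
        """Return True if a frame from src_mac is forwarded, False if dropped."""
        mac = src_mac.lower()
        allowed = self.static | self.learned
        if self.err_disabled:               # shutdown mode blocks all traffic
            return False
        if mac in allowed:
            return True
        if len(allowed) < self.maximum:
            self.learned.add(mac)           # dynamic (or sticky) learning
            return True
        if self.violation == "protect":     # silent drop, no notification
            return False
        if self.violation == "restrict":    # drop and notify
            self.log.append(f"violation by {mac}")
            return False
        self.err_disabled = True            # shutdown: port goes err-disabled
        self.log.append(f"err-disabled by {mac}")
        return False

    def reboot(self, config_saved: bool) -> None:
        """Dynamic entries are lost; sticky entries survive only if saved."""
        self.err_disabled = False
        if not (self.sticky and config_saved):
            self.learned.clear()


def demo(mode: str) -> tuple:
    """Phone + workstation allowed (max 2); a third device then appears."""
    port = SecurePort(maximum=2, violation=mode)
    frames = ["00:11:22:33:44:55", "aa:bb:cc:dd:ee:01",
              "de:ad:be:ef:00:01", "00:11:22:33:44:55"]
    return tuple(port.receive(m) for m in frames), port.err_disabled, len(port.log)
```

Running demo with each mode shows the practical difference: protect and restrict keep forwarding the two known devices, while shutdown blocks the known phone too until the port is recovered.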


4. Port Security + NAC

Port security supports NAC by validating device identity at the Layer 2 (MAC address) level before granting network access.

While NAC solutions like 802.1X authenticate users and devices more deeply, port security still provides an important base layer of access control.

NAC + Port Security helps to:

  • Block unknown devices
  • Segregate trusted vs untrusted devices
  • Improve compliance with network policies

5. Common Port Security Use Cases in IT Environments

Protecting user workstations

Only approved corporate devices are allowed.

Securing VoIP phones and IP office equipment

Port security ensures only authorized phones and workstations connect.

Blocking unmanaged switches or hubs

Unauthorized network expansion is prevented.

Stopping MAC flooding attacks

Port security keeps the switch CAM table from being overloaded.


6. Port Security Best Practices (Network+-Relevant)

  • Allow only 1 or 2 MAC addresses per port.
  • Use sticky MAC address learning where manual configuration is not practical.
  • Regularly check logs for violation alerts.
  • Use the restrict or shutdown actions for stronger security.
  • Combine port security with:
    • 802.1X authentication
    • VLAN segmentation
    • DHCP snooping and Dynamic ARP Inspection
  • Disable unused switch ports.
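The "regularly check logs for violation alerts" practice, as an added example that is not part of the original notes: a Python scan of switch syslog output that pulls out port-security violations and err-disabled ports. The log lines are constructed samples written in the style of Cisco IOS PORT_SECURITY and PM messages; the hostname, ports and MACs are made up, and the regexes are assumptions to adapt to your own switch platform.

```python
# Added example, not from the original notes: scanning switch syslog output for
# port-security violations. The log lines below are constructed samples in the
# style of Cisco IOS PORT_SECURITY / PM messages; adapt the regexes to your switch.
import re

SAMPLE_LOG = """\
Mar  3 09:14:02 sw-floor2 %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address dead.beef.0001 on port GigabitEthernet1/0/7.
Mar  3 09:14:02 sw-floor2 %PM-4-ERR_DISABLE: psecure-violation error detected on Gi1/0/7, putting Gi1/0/7 in err-disable state
Mar  3 09:20:41 sw-floor2 %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address dead.beef.0001 on port GigabitEthernet1/0/7.
Mar  3 10:02:15 sw-floor2 %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0050.56aa.1234 on port GigabitEthernet1/0/12.
Mar  3 10:05:00 sw-floor2 %LINK-3-UPDOWN: Interface GigabitEthernet1/0/3, changed state to up
"""

# Violation message: offending MAC and the long interface name (trailing "." dropped)
VIOLATION = re.compile(
    r"PSECURE_VIOLATION: .*caused by MAC address (?P<mac>[0-9a-f.]+) on port (?P<port>\S+?)\.?$")
# Err-disable message uses the short interface name (Gi1/0/7)
ERRDISABLE = re.compile(r"ERR_DISABLE: psecure-violation .* putting (?P<port>\S+) in err-disable")


def parse_violations(log_text: str) -> list:
    """Return (mac, port) pairs for every port-security violation message."""
    hits = []
    for line in log_text.splitlines():
        m = VIOLATION.search(line)
        if m:
            hits.append((m.group("mac"), m.group("port")))
    return hits


def err_disabled_ports(log_text: str) -> set:
    """Ports the switch put into err-disabled state because of a violation."""
    return {m.group("port") for line in log_text.splitlines()
            if (m := ERRDISABLE.search(line))}


def summarize(log_text: str) -> dict:
    """Per-port violation counts plus the offending MACs, for a daily review."""
    report = {}
    for mac, port in parse_violations(log_text):
        entry = report.setdefault(port, {"count": 0, "macs": set()})
        entry["count"] += 1
        entry["macs"].add(mac)
    return report
```

A port that keeps appearing in the summary with the same unknown MAC is a candidate for either a missing static entry (a legitimate new device) or a follow-up by the security team.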

7. What the Network+ Exam Wants You to Know

You should understand:

✔ What port security does

Limits access based on MAC addresses.

✔ Why it’s used

To prevent unauthorized devices from connecting.

✔ How it works

Static, dynamic, sticky MAC addresses.

✔ What happens during violations

Protect, restrict, shutdown.

✔ Where it’s deployed

On managed switch ports.

✔ Its role in NAC

Acts as a first line of device-level access control.


Summary

Port security is a switch-level security feature used to control network access using MAC addresses. It ensures that only trusted, authorized devices can connect to the network. The switch monitors what MAC addresses appear on each port and enforces strict rules to block suspicious or unauthorized devices.

For the Network+ exam, focus on:

  • Static / Dynamic / Sticky MAC addresses
  • Maximum MAC address limits
  • Violation modes (protect, restrict, shutdown)
  • How port security fits into NAC
  • Why port security is used to secure access at Layer 2
