Security fundamentals
⏱ ~3-min readAceMark GuideWhat this topic is really about
With the default shutdown violation mode, port security puts a port into err-disabled when a violation (e.g., a MAC beyond the allowed maximum) occurs, and the port must be manually re-enabled or use errdisable recovery. An unplugged cable causes down/down, not err-disabled.
Port security limits a switch port to one or a small set of MAC addresses, protecting against MAC flooding and rogue device attachment. Encryption belongs to MACsec, compression is not a port-security feature, and RADIUS auth is the job of 802.1X (port-based NAC).
See the mechanism
Port security limits a switch port to one or a small set of MAC addresses, protecting against MAC flooding and rogue device attachment. A diagram for this topic isn't available yet — the worked example below walks the same reasoning step by step.
An exam-style question, fully explained
Which is a key benefit of port security on a Cisco access switch?
- Identify what the question tests: Which is a key benefit of port security on a Cisco access switch.
- Port security limits a switch port to one or a small set of MAC addresses, protecting against MAC flooding and rogue device attachment.
- Encryption belongs to MACsec, compression is not a port-security feature, and RADIUS auth is the job of 802.1X (port-based NAC).
Traps the examiner sets
- Read each option carefully — distractors on Security fundamentals are designed to look plausible.
- Re-check the exact wording of the question stem before committing to an answer.
- Watch the qualifiers ("always", "only", "except") that flip a correct-looking option.
Test your recall
Answer each from memory — you'll see instantly whether you're right and why.
Run a focused 10-question mini-mock on Security fundamentals and see it stick.
Practice more of this topic →