By default, all Ethernet interfaces on a Cisco switch are turned on. That means an attacker could easily access your network through a wall socket and potentially threaten your network. If we know which end device will be connected to which switch ports, we can use the Cisco port security feature. By using port security, a network administrator can associate specific MAC addresses of an end device with a switch interface, which can prevent an attacker from connecting his device with a switch port. This way we can restrict unauthorized access to a switch interface so that only authorized devices can use the interfaces.

What switch can do?  If an unauthorized device tries to connect to a protected interface?

If an unauthorized device tries to connect with a switch interface which is protected, we can decide what action the switch will take by configuring the violation modes like shutdown, protect and restrict for an unauthorized traffic. For example, shutting down the port or discarding the traffic or discarding the traffic with creating some violations.

If an unauthorized access is observed, the traffic should be discarded by using any of the options or more appropriately, the user should generate a log message in order to observe unauthorized access