Switch Security inclues:
MAC flooding attack
1) attacker floods CAM table with frames with numerous invalid source MAC, valid hosts can not create CAM entries.
2) normal traffic therefor flooded
A) Port security
1) unauthorized MAC address
2) MAC address limit (1 by default)
3) Define violation action
a) shutdown (put the port in err-disabled mode and send snmp trap)
b) restrict (drop frame, send snmp trap)
c) protect (drop frame, dont send snmp trap)
To recover the port state from err-disabled, there are two ways of doin' that:
1) shutdown, no shutdown command be excuted.
2) errdisable recovery cause psecure-violation (300 seconds by default)