Switch Port Security Mechanisms in Cisco Networks: Configuration and Performance Evaluation

Abstract

As enterprise networks grow in complexity and size, the security of access layer infrastructure
especially Ethernet switches becomes critical. Unauthorized access, MAC address flooding, and DHCP spoofing are among the most common threats that originate at the Layer 2 level. Cisco switches offer a variety of security features to combat these threats, including MAC address filtering, port violation modes (protect, restrict, shutdown), sticky MAC learning, and DHCP snooping. This paper presents a configuration and performance based evaluation of these mechanisms using both Cisco Packet Tracer simulations and real world tests on Catalyst 2960 series switches. Key attack scenarios such as MAC flooding and rogue DHCP server injection were simulated. Metrics like interface recovery time, packet drop behavior, and syslog accuracy were recorded. The results show that sticky MAC learning is effective for static environments, while violation mode ―shutdown‖ provides rapid threat containment at the cost of temporary port unavailability. DHCP snooping successfully blocked unauthorized offers but required careful configuration to avoid false positives. We also propose a dynamic port security policy that adapts based on time of day and historical device behavior. This study provides actionable insights for network administrators aiming to secure Layer 2 access without impeding operational continuity.