Solved CCENT Port Security - Protect vs Restrict

---

Hi!

I was just watching the Port Security video for the CCENT course and at approx 38:30, Don clarifies Protect vs Restrict. Unfortunately either I'm not understanding things properly or there's a minor mistake in the video.

In the video, Don says that Protect lets the violation occur, but logs the issue. He also says that Restrict stops the unknown mac address from talking, but allows the known ones to continue.

Other sources of information say that that information is backwards.
(http://www.ciscopress.com/articles/article.asp?p=1722561)

Protect—This mode permits traffic from known MAC addresses to continue to be forwarded while dropping traffic from unknown MAC addresses when over the allowed MAC address limit. When configured with this mode, no notification action is taken when traffic is dropped.

Restrict—This mode permits traffic from known MAC addresses to continue to be forwarded while dropping traffic from unknown MAC addresses when over the allowed MAC address limit. When configured with this mode, a syslog message is logged, a Simple Network Management Protocol (SNMP) trap is sent, and a violation counter is incremented when traffic is dropped.

Neither mode seems to allow a violation to actually occur. Protect will drop the frame and Restrict will drop the frame and log the issue.

@Vishal-Gupta,

We had this happen during the recording of that episode and believe we had corrected it. I'll get Nate to look at see if we have the corrected recording up!

Thanks! If it turns out that the corrected video is already up there, please let me know and I'll revisit my understanding of the topic Love the content/presentation so far!

@Vishal-Gupta,

I went back through the episode itself and found the following:
I'll summarize Don’s description of port-security:

1. Shutdown: shuts down the interface. (err-disabled)

2. Protect: doesn’t block and generates a log (he shows a demonstration of log generated).

3. Restrict: basically a limitation of who can get through the port.

My summary of normal description of port-security:

1. Shutdown: shuts down the interface. (err-disabled)

2. Protect: only allowed MAC address is permitted to pass; all other traffic is dropped. The log generation is not normally mentioned.

3. Restrict: similar to protect but increase a violation counter.

I’m not sure which details are wrong. I too was questioning “PROTECT” log generation with Don but he did show where a log was set. This was the only place I could see a real difference between my summarized description (above) of port-security. I would say that Don is incorrect here except that he showed on actual equipment that a log is generated.

I'll take your word at it that things work that way in the real world For now, I'll just stick with Cisco's description of Protect and Restrict as per my original post. I figure that'll at least get me through the Cisco exam