Topic

Port Security practice labs

17 hands-on Port Security scenarios you build in your own Cisco Modeling Labs instance and grade against the answer key. Focused Port Security configuration and troubleshooting practice for CCNA and CCNP.

BeginnerUnlock

CCNA Port Security 1: Enable & Verify on Access Ports

Hands-on fundamentals with Cisco port security on host-facing access ports. Build a small two-switch campus with a trunk, place two Linux hosts in the same user VLAN, then enable port security with the explicit defaults (maximum 1, violation shutdown) on both host ports. Verify secure-up state and baseline host connectivity.

Track
CCNA
Duration
40 min
IntermediateUnlock

CCNA Port Security: Maximum Secure MACs on Access Ports

Deploy and verify port security maximum settings on host-facing access ports in a pure Layer-2 campus with two access switches uplinked to a distribution switch. You will raise the allowed secure MAC count to 2 on each user port to support a PC and a potential downstream device (e.g., a dock), then verify with show commands. No Layer-3, SVIs, or routing are used; focus purely on access VLANs, trunks, and the port-security maximum behavior.

Track
CCNA
Duration
45 min
AdvancedUnlock

CCNA Capstone: Port Security Troubleshooting

Advanced CCNA port-security troubleshooting on a pure Layer-2 design. Two access switches linked by an 802.1Q trunk carry a Users VLAN across closets. Three Alpine Linux hosts are pre-addressed. The lab is intentionally shipped with multiple classic faults: one access port is err-disabled due to a prior port-security shutdown, one user-facing port lacks port-security altogether, another has the wrong violation mode and an overly restrictive maximum, and one port has an incorrect static secure-MAC configured. Your job is to diagnose using show commands, restore connectivity, and implement the intended security posture with sticky MACs, the correct maximum, the proper violation mode, and errdisable auto-recovery—without placing port-security on the trunk.

Track
CCNA
Duration
55 min
IntermediateUnlock

CCNA Port Security: Violation Protect vs Restrict

Deploy and compare the two non-disabling port-security violation modes on host-facing access ports. Build a small Layer-2 topology with a trunk between two switches and same-VLAN hosts. Configure violation protect on one access port and restrict on another using deterministic sticky MAC entries. Validate baseline reachability, then observe the different behaviors: protect silently drops with no counter/logs; restrict drops and increments the violation counter.

Track
CCNA
Duration
45 min
IntermediateUnlock

Port Security: Err-Disable Auto Recovery

Configure port security in shutdown mode on host-facing access ports and enable automatic errdisable recovery for psecure-violation. The lab uses two Layer-2 switches connected by a trunk and three Linux hosts in the same VLAN to validate baseline L2 connectivity. You will deploy and verify the global errdisable recovery timer and cause while keeping the trunk healthy. Focus is on deterministic configuration and verification via show commands rather than attempting to trigger live violations.

Track
CCNA
Duration
45 min
IntermediateUnlock

Port Security: Voice + Data on One Access Port

Harden a real desk port that carries both data (PC) and voice (IP phone) using switchport voice vlan and access vlan on a single access port. Apply port security with a maximum that accounts for two MAC addresses (phone + PC) so a third device is restricted. A deliberate trunk allow-list drift on the inter-switch link initially blocks the Voice VLAN; learners must repair the trunk and then verify port-security state on the desk port.

Track
CCNA
Duration
55 min
BeginnerUnlock

CCNA Port Security 2: Sticky Secure MAC Learning

Two access-layer switches have a VLAN 20 connectivity problem: users in one wiring closet cannot reach users in the other. Diagnose and repair the issue, then deploy sticky secure MAC learning on the host-facing access ports so each port dynamically learns and persists its connected host's MAC. Verify sticky entries in show commands and confirm same-VLAN host connectivity end-to-end.

Track
CCNA
Duration
45 min
IntermediateUnlock

CCNA Port-Sec 7: Static Secure MAC Binding

Troubleshoot a Layer-2 forwarding fault that breaks a user VLAN between access/distribution switches, then implement static secure MAC binding on the client-facing access port. You will restore end-to-end VLAN 20 reachability and enforce a single authorized MAC on the user port using port-security with violation restrict.

Track
CCNA
Duration
55 min
AdvancedUnlock

CCNA Port-Sec 9: Multi-Port Sticky Restrict Policy

Advanced CCNA switchport port-security rollout on multiple access ports across two Layer-2 switches with a trunk. You will standardize a consistent edge policy (sticky MAC learning, maximum 1, violation restrict) on all host-facing access ports while leaving the uplink trunk exempt from port-security. Includes a realistic drift on the trunk allow-list and VLAN database to fix before validating end-to-end user VLAN transport. Pure Layer-2: no SVIs or routing.

Track
CCNA
Duration
58 min
IntermediateUnlock

CCNA Port Security 5: Violation Shutdown & Manual Recovery

Hands-on CCNA L2 switching lab: build a small campus with a distribution switch and two access switches carrying a shared user VLAN over 802.1Q trunks. Harden access ports with sticky port-security in violation shutdown mode. Intentionally seed and diagnose broken trunks/host VLANs, restore end-to-end host reachability, then trigger a port-security violation to observe err-disabled behavior and perform manual recovery.

Track
CCNA
Duration
65 min
IntermediateDailyLocked

CCNA Foundations: L2 Day 7 — VLANs, Trunks & Port Security

Deploy VLANs, hardened 802.1Q trunks, router-on-a-stick inter-VLAN routing, and sticky port security in a compact branch topology. Verify from real hosts and troubleshoot common misconfigurations.

Track
CCNA
Duration
75 min

Archive preview only

BeginnerDailyLocked

CCNA Foundations Series: Layer 2 Day 6

Deploy and troubleshoot VLANs, 802.1Q trunks, and port security in a realistic small-branch ROAS design. You will stand up VLANs 10/20/99 with a hardened trunk native VLAN 999, configure sticky port security on access ports, correct a misassigned VLAN, and resolve an err-disabled port caused by a port security violation. Finish by verifying end-to-end host connectivity across VLANs.

Track
CCNA
Duration
55 min

Archive preview only

IntermediateDailyLocked

CCNA Foundations Series: Layer 2 Day 5

Implement VLANs, 802.1Q trunking, router-on-a-stick inter-VLAN routing, and access-layer port security on a compact branch network with two access switches and two endpoints. You will configure segmentation (VLANs 10, 20, 99), hardened trunks with a dedicated native VLAN 999, Layer 3 gateways on a core router, and sticky MAC port security on user-facing ports. Verify end-to-end reachability and remediate common misconfigurations like missing allowed VLANs, native VLAN mismatches, and unauthorized endpoint moves.

Track
CCNA
Duration
68 min

Archive preview only

BeginnerDailyLocked

CCNA Foundations Series: Layer 2 Day 4

Hands-on CCNA Layer 2 switching lab: build VLANs, access ports, hardened 802.1Q trunks, and basic port-security across two access switches and an L2 core. Verify segmentation end-to-end from real hosts and practice troubleshooting native-VLAN and port/VLAN mismatches.

Track
CCNA
Duration
55 min

Archive preview only

BeginnerDailyLocked

CCNA Day 3: VLANs, Trunking, and Layer 2 Security

Hands-on CCNA lab: build VLANs for Sales and Engineering, implement 802.1Q trunks with a hardened native VLAN, assign access ports, and apply sticky MAC port-security on access interfaces. The design uses a compact, realistic branch topology with a router-on-a-stick gateway, a distribution L2 switch, one access L2 switch, and two end hosts. Students deploy, verify, and troubleshoot VLAN reachability, trunk integrity, and port-security violations.

Track
CCNA
Duration
70 min

Archive preview only

BeginnerDailyLocked

CCNA Day 2: VLANs and Port Security

Configure a compact branch LAN with router-on-a-stick inter-VLAN routing, two access switches, and two user VLANs. Implement VLANs, 802.1Q trunks with a hardened native VLAN, secure user-facing ports with port-security, and verify end-to-end reachability from the hosts. Includes realistic troubleshooting of VLAN assignment, trunk allow-lists, and port-security violations.

Track
CCNA
Duration
65 min

Archive preview only

BeginnerDailyLocked

CCNA Foundations Day 1: VLAN and Port Security

Build and harden a small branch campus Layer 2 network with a distribution switch and two access switches. Implement VLANs, trunking, and basic port security, then verify from the end hosts and troubleshoot common L2 mistakes.

Track
CCNA
Duration
75 min

Archive preview only

Learn Port Security

Study the theory behind these labs — the concept explainer and step-by-step guides.

Looking for something else? Browse the full lab archive or see today's daily lab.