How to secure switchports from unauthorized access
VaelTech

 Published On Jun 8, 2023

Switchport security is a feature commonly found in network switches that helps prevent unauthorized devices from connecting to a network. It is primarily used to control access to a switch port by allowing only specific devices to connect and limiting the number of devices that can connect to a port.

Switchport security works by associating MAC addresses with specific switch ports. MAC addresses are unique identifiers assigned to network interface cards (NICs) of devices. When switchport security is enabled on a port, it monitors the MAC addresses of the devices connected to that port.

There are different modes of switchport security, including:
1. Shutdown mode: In this mode, if an unauthorized device is detected on a switch port, the port is immediately disabled or shut down. This effectively disconnects the unauthorized device from the network. The port remains in the shutdown state until manually re-enabled by an administrator. Shutdown mode is the most restrictive mode and provides a high level of security by completely denying access to unauthorized devices.

2. Restrict mode: In this mode, unauthorized devices are allowed to connect to the switch port, but their network traffic is restricted or limited. The switch may place these devices in a separate VLAN (Virtual Local Area Network) or apply other traffic restrictions such as rate limiting or filtering. By restricting the unauthorized devices' network capabilities, network administrators can monitor their activities and mitigate any potential security risks. Restrict mode strikes a balance between allowing connectivity and controlling access to the network.

3. Protect mode: Protect mode is similar to restrict mode in that unauthorized devices are permitted to connect, but with certain limitations. In this mode, the switch keeps track of the MAC addresses seen on the port. It allows a limited number of MAC addresses to be learned or associated with the port. If the limit is exceeded, the port is put into a state similar to shutdown mode, effectively disabling network connectivity for any additional devices beyond the limit. Protect mode provides a moderate level of security by preventing multiple unauthorized devices from connecting to the network simultaneously.

How switches learn secure MAC addresses:
1. Dynamic Learning:
Dynamic learning is a method used by switches to automatically learn and associate MAC addresses with switch ports as devices are connected to the network. When a switch receives an Ethernet frame, it examines the source MAC address and adds it to its MAC address table, associating it with the port on which the frame was received. This process allows the switch to build and update its MAC address table dynamically as devices are connected to or disconnected from the network. Dynamic learning is the default behavior of most switches.

2. Static Learning:
Static learning involves manually configuring MAC addresses on a switch to associate them with specific switch ports. Network administrators explicitly specify which MAC addresses are allowed to connect to particular ports. By statically configuring the MAC addresses, the switch does not learn them dynamically. This method provides a high level of control over network access and is commonly used in situations where a fixed set of devices needs to be connected to specific ports, such as servers or network appliances.

3. Dynamic Sticky Learning:
Dynamic sticky learning combines the benefits of dynamic learning with the ability to create and maintain a secure MAC address table. With dynamic sticky learning enabled, the switch learns MAC addresses dynamically as devices are connected, but it retains the learned MAC addresses even if the devices are disconnected. The switch "sticks" or associates the MAC addresses with the corresponding switch ports. This allows the switch to automatically relearn and associate the MAC addresses when the devices are reconnected. Dynamic sticky learning is useful in environments where devices frequently disconnect and reconnect, providing automatic and dynamic management of the MAC address table while maintaining security and reducing administrative effort.
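The following configuration is an added example, not part of the video or its description, showing how the three violation modes above and the three learning methods (static, dynamic, sticky) are expressed on a Cisco IOS Catalyst switch. Interface names, VLAN numbers and the MAC address are placeholders. Note that on IOS the `protect` and `restrict` keywords both keep the port up and drop frames from MAC addresses beyond the configured maximum; `restrict` additionally increments the violation counter and generates a syslog/SNMP notification, while `protect` drops silently, and `shutdown` places the port in err-disabled state until an administrator re-enables it or err-disable recovery fires. Because the feature keys on MAC addresses, it is a first line of defense; pair it with 802.1X where stronger device authentication is needed.

```cisco
! Added example (not from the video): Cisco IOS port security on three
! access ports, one per violation mode, plus sticky learning and recovery.
! Interface names, VLANs and the MAC address are assumed placeholders.

! --- Port 1: static learning, shutdown mode (most restrictive) ---
interface GigabitEthernet0/1
 description Server port - one fixed MAC, err-disable on violation
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
 ! statically bind the only permitted MAC (placeholder address)
 switchport port-security mac-address 0011.2233.4455
 spanning-tree portfast

! --- Port 2: dynamic sticky learning, restrict mode ---
interface GigabitEthernet0/2
 description User desk - learn up to 2 MACs and keep them
 switchport mode access
 switchport access vlan 20
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
 ! learned MACs are added to running-config as sticky entries;
 ! save the configuration or they are lost on reload
 switchport port-security mac-address sticky
 spanning-tree portfast

! --- Port 3: plain dynamic learning, protect mode ---
interface GigabitEthernet0/3
 description Printer - drop frames from unknown MACs silently
 switchport mode access
 switchport access vlan 20
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation protect
 spanning-tree portfast

! --- Global: allow shutdown-mode ports to recover automatically ---
! after 300 seconds instead of waiting for a manual "no shutdown"
errdisable recovery cause psecure-violation
errdisable recovery interval 300

! --- Verification (exec commands, shown here as comments) ---
! show port-security                    -> max/current/violation counts per port
! show port-security interface Gi0/2    -> mode, port status, last source MAC
! show port-security address            -> secure MACs with type
!                                          (SecureConfigured/SecureSticky/SecureDynamic)
! show interfaces status err-disabled   -> ports currently err-disabled
! show running-config interface Gi0/2   -> sticky entries persisted as
!                                          "switchport port-security mac-address sticky <mac>"
```

Defaults worth knowing when reading a configuration: if `maximum` is omitted the limit is 1, and if `violation` is omitted the mode is `shutdown`, so a bare `switchport port-security` already enforces a single dynamically learned MAC with err-disable on violation. Watching `show port-security` for rising violation counters on `restrict` ports, and the err-disabled list for `shutdown` ports, is the operational check that tells you the feature is actually catching unauthorized devices.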

Switchport security is commonly used in environments where network access control is crucial, such as in office networks, educational institutions, or any scenario where unauthorized access should be prevented. It helps protect against unauthorized users connecting to the network, rogue devices, and certain types of network attacks.
