Ease troubleshooting by setting what happens in case of a switchport violation

For security, you may want to limit the number of devices that can connect through a given part of the network. If too many show up, it may be a sign of connections that don't belong there. The following interface command limits how many MAC addresses may be learned on an interface (in this case, 10):

   switchport port-security maximum 10

However, if you don't configure what should happen when that limit is reached, the port will by default simply shut down. That is a good practice when you want a hard lockdown, but if you need to troubleshoot why the maximum keeps being reached, it helps to specify a different violation action, which you can do with the following command:

   switchport port-security violation restrict

There are actually three options you can use at the end of this command to specify what should happen in case of a violation:

protect - Drops traffic from the MAC addresses beyond the limit until the violation condition goes away, without telling you anything about it.
restrict - The same as "protect", except that it also sends an SNMP trap, so you can know what's happening and when.
shutdown (the default) - Shuts the port down completely.

For troubleshooting or figuring out what the proper configurations should be, use the "restrict" option, as it gives you the most information.
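As an added example (not configuration from the original post), here is what the two commands above look like inside a complete port-security setup on one access port, together with the commands used to check the result. The interface name, VLAN number and SNMP host are assumptions chosen for illustration.

```cisco
! Added example, not from the original post. Interface, VLAN and SNMP host are assumptions.
!
! Port security only works on a port that is statically set to access (or trunk) mode,
! so set the mode before enabling it.
interface GigabitEthernet0/1
 description user-facing access port (example name)
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 10
 switchport port-security violation restrict
!
! "restrict" can only send a trap if the switch is told to generate port-security traps
! and has somewhere to send them. Replace the host with your real management station.
snmp-server enable traps port-security
snmp-server host 192.0.2.10 version 2c PLACEHOLDER-COMMUNITY port-security
!
! Verification: "Violation Mode" shows the action in effect, "Port Status" shows whether
! the port is still Secure-up, and "Security Violation Count" climbs each time an
! eleventh address tries to talk under "restrict".
show port-security interface GigabitEthernet0/1
!
! Lists every secure address learned or configured per port, which is what you read
! to find out who the extra devices actually are.
show port-security address
```

Under "restrict" the switch also writes a %PORT_SECURITY-2-PSECURE_VIOLATION syslog message naming the offending MAC address and port, so you get the same information in your log collector even if no SNMP trap receiver is set up. If you later switch back to the default "shutdown" action, remember that a tripped port goes into the error-disabled state and stays there until someone issues shutdown / no shutdown on it, unless you have enabled errdisable recovery cause psecure-violation.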
