Port security allows you to control the number of MAC addresses that can be learned on a single switch port. It is enabled on a per interface basis. It can protect against malicious
When BPDU Guard is enabled and a switch port receives a BPDU it stops forwarding and disables itself. It is common to enable this on a access port, usually in addition to portfast.
The best practices for securing switches; Select an unused VLAN (other than VLAN1) and use for the native VLAN on all trunks Avoid using VLAN1 anywhere because it is the default Admin configure
Root Guard is a mechanism that allows the administrator to control where candidate root bridges can be connected to the network, it will basically prevent the wrong switch (say a random one just