switch#sh port-security int fa0/21 Port Security : Enabled Port Status : Secure-down Violation Mode : Shutdown Aging Time : 0 mins Aging Type : Absolute SecureStatic Address Aging : Disabled Maximum MAC Addresses : 2 Total MAC Addresses : 0 Configured MAC Addresses : 0 Sticky MAC Addresses : 0 Last Source Address : 0000.0000.0000 Security Violation Count : 0

The action that the device takes when one of these violations occurs can be configured:
Protect -This mode permits traffic from known MAC addresses to continue to be forwarded while dropping traffic from unknown MAC addresses when over the
allowed MAC address limit. When configured with this mode, no notification action is taken when traffic is dropped. Restrict--This mode permits traffic from known
MAC addresses to continue to be forwarded while dropping traffic from unknown MAC addresses when over the allowed MAC address limit. When configured with
this mode, a syslog message is logged, a Simple Network Management Protocol (SNMP) trap is sent, and a violation counter is incremented when traffic is
dropped.
Shutdown - This mode is the default violation mode; when in this mode, the switch will automatically force the switchport into an error disabled (err-disable) state
when a violation occurs. While in this state, the switchport forwards no traffic. The switchport can be brought out of this error disabled state by issuing the errdisable
recovery cause CLI command or by disabling and re-enabling the switchport.
Shutdown VLAN - This mode mimics the behavior of the shutdown mode but limits the error disabled state the specific violating VLAN.