I have virus infected PC in the network, I want to block this PC from network, I can shut down the port but if the PC connects to another switch port then it will spread virus, so I have MAC address b870.f400.7979 and I wanted to block this MAC from our network, which ever port this MAC connects then that port should drop this or not allow this on our network
Instead of blocking that particular mac, in port security we are adding trusted macs to ports using different methods, and sets the rule if the conditions violates.
SWITCH(config)# int Gi0/1
SWITCH(config-if)#switchport port-security mac-address 0000.aaaa.bbbb
SWITCH(config-if)#switchport port-security violation shutdown
Refer below document.