AAA and 802.1X Authentication

Hello Markos,

Using port security we can do several things. We can restrict the use of a switch port to only one specific preconfigured MAC address or we can specify that only a single MAC address should be seen to be using this port. We can even use IP source guard to determine which will be the allowed source IP address that can use the interface, even on an L2 switch.

The first case will allow us to lock the port down such that only a specific computer having a specific MAC address can connect to that port. If this were implemented, then port security would indeed block the use of an access point. It would actually block the use of ANY device other than the computer with the specified MAC address. However, this port security scheme is not used that often because it has a very large administrative overhead, especially in environments where many moves, adds, and changes take place.

The more common port security scenario, and the one that Rene is referring to in this lesson, is when port security is implemented so that only a single MAC address will be allowed on a port of a switch. This prevents users from bringing their own switches and connecting multiple devices to it because each of those devices will send a different source MAC address to the switch and will trigger the port security threshold. Additional port security scenarios include the use of IP source guard where packets from the specific IP address associated with the single allowed MAC address will only be permitted and all other hosts will be rejected.

These port security features cannot be used to prevent the use of a rogue access point because the access point will create a separate subnet for its wireless users and it will use NAT to translate all of those users to a single IP address for the switch-facing interface. Any and all traffic from users on the impromptu wireless network will appear to the switch using the legitimate single MAC address allowed and the legitimate single associated IP address. Thus, all traffic will be allowed through.

I hope this has been helpful!

Laz

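As an added illustration (not part of Laz's reply, and not real switch configuration), here is a small Python model of the two checks described above: a port-security limit of one learned MAC, plus an IP source guard binding of that MAC to one IP. It is run against three constructed frame streams, and assumes the rogue AP's uplink presents the same MAC and IP the port has already bound.

```python
from dataclasses import dataclass, field

@dataclass
class Frame:
    src_mac: str
    src_ip: str

@dataclass
class SecuredPort:
    """Models 'switchport port-security maximum 1' with sticky learning,
    plus an IP source guard binding (MAC -> permitted source IP)."""
    max_macs: int = 1
    learned_macs: set = field(default_factory=set)
    ip_bindings: dict = field(default_factory=dict)
    violations: int = 0

    def bind(self, mac: str, ip: str) -> None:
        # Constructed stand-in for a DHCP snooping binding of the real host.
        self.ip_bindings[mac] = ip

    def accept(self, frame: Frame) -> bool:
        # Port security: learn up to max_macs distinct source MACs; any further
        # distinct MAC trips the threshold and the frame is dropped.
        if frame.src_mac not in self.learned_macs:
            if len(self.learned_macs) >= self.max_macs:
                self.violations += 1
                return False
            self.learned_macs.add(frame.src_mac)
        # IP source guard: the source IP must match the binding for that MAC.
        if self.ip_bindings.get(frame.src_mac) != frame.src_ip:
            self.violations += 1
            return False
        return True

def run(frames):
    """Feed a frame stream to a fresh port; return (per-frame verdicts, violations)."""
    port = SecuredPort()
    port.bind("aa:aa:aa:aa:aa:01", "10.0.0.11")  # the legitimate PC (constructed)
    return [port.accept(f) for f in frames], port.violations

# Scenario 1: a user-supplied switch; every attached device uses its own MAC.
ROGUE_SWITCH = [Frame("aa:aa:aa:aa:aa:01", "10.0.0.11"),
                Frame("bb:bb:bb:bb:bb:02", "10.0.0.12"),
                Frame("cc:cc:cc:cc:cc:03", "10.0.0.13")]
# Scenario 2: one MAC, but a second host behind it picks a different IP.
SPOOFED_MAC = [Frame("aa:aa:aa:aa:aa:01", "10.0.0.11"),
               Frame("aa:aa:aa:aa:aa:01", "10.0.0.99")]
# Scenario 3: a NAT access point; all wireless clients are translated to the
# AP's single uplink MAC and IP, which are the ones the port has bound.
NAT_AP = [Frame("aa:aa:aa:aa:aa:01", "10.0.0.11") for _ in range(3)]
```

Scenario 1 is caught by the MAC threshold and scenario 2 by the IP binding, while scenario 3 passes every check, which is exactly the gap the reply describes.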