The present invention relates generally to data communications. More particularly, the present invention relates to per-port protection against denial-of-service and distributed denial-of-service attacks for network switches.