Port Security Question

I have a 2950 at home.

Basically fa0/1 is connected to my home router. Normal 4 port router.

Now on the fa0/1 interface i have set port security up to dynamically sticky an address. I thought this would be the 1 port its connected to on the router. However it doesnt seem to do this. I had to set the maximum to say 10 and it has learnt about 9 addresses so far.

Is the home router actually just a 4 port hub or am I missing something here? Shouldn't there just be 1 MAC address from home router to the switches fa0/1 interface?

If you need me to post up my config for the port, please let me know.

Thanks in advance.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

VinnyCisco

Your router may also be a switch. What is the model and make of your router?

Cider

VEGN2610 | Gateways | Telco | Service Providers | NETGEAR'

Should I be trunking on that port for whatever reason?

EDIT: On a side note I have GNS3 up and my GNS3 router that is connected to my LAN sees the switch as a CDP neighbor thus it is "directly connected".

ande0255

Have you tried clearing the mac table on the switch to see if that kicks it into gear?

Jon_Cisco

Most likely the home router has a built in 4 port switch that is sending all traffic out the interface. So your 2950 is learning each new device that sends any kind of traffic on the network. This could be phones computers laptops etc...

Try comparing the mac addresses to your devices and see if you can identify them.

You could try to use wireshark to see the traffic. I think you might have to do port mirroring to capture the interface traffic. It has been a while since I played with that.

Good Luck and have fun!

Cider

Have you tried clearing the mac table on the switch to see if that kicks it into gear?

Yes, no joy. I will try and reconfigure it from scratch.

Most likely the home router has a built in 4 port switch that is sending all traffic out the interface. So your 2950 is learning each new device that sends any kind of traffic on the network. This could be phones computers laptops etc...

Try comparing the mac addresses to your devices and see if you can identify them.

You could try to use wireshark to see the traffic. I think you might have to do port mirroring to capture the interface traffic. It has been a while since I played with that.

Good Luck and have fun!

Yes, all the mac addresses are devices that are currently on my network. I am surely misunderstanding how port security works on this setup.

stylezunknown

^ this.