port_security with switch hub
szar
Member Posts: 9
in CCNA & CCENT
Hello, I have a question about port security. I have connected a switch to a hub (on fa 0/1) with 3 PCs behind that hub (pc2 with MAC .2222, pc3 with .3333, pc4 with .4444), and a separate PC (pc5) on port fa 0/5 of the switch, outside the hub. The port security config is 2 MACs allowed (4444, 3333). When I ping from pc5 to pc2 inside the hub, of course the port is blocked. But when I ping between pc5 and pc4, packets are allowed. I know that pc4 is allowed to send (through fa 0/1), but shouldn't pc5's source frame with MAC 5555 be blocked also?
log
Switch#show port-security interface fastEthernet 0/1
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 2
Total MAC Addresses : 2
Configured MAC Addresses : 2
Sticky MAC Addresses : 0
Last Source Address:Vlan : 0000.0000.0000:0
Security Violation Count : 0
Comments
-
gorebrush Member Posts: 2,743
Think about it - port security is just that - port...
You've configured port security on Fa0/1 - so it only applies to that port. Every other device on every other port will not be affected.
Heero Member Posts: 486
Port security is based on the SOURCE MAC ADDRESS of an INBOUND FRAME on the port that port-security is configured on.
If pc5 pings pc4, the echo-request will make it to pc4 without ever being looked at by port-security since it is sent OUTBOUND on port fa0/1. When pc4 responds with an echo-response, it will be examined by port security on fa0/1 because the frame is coming INBOUND to the port. The source mac will be .4444 (pc4) and it will be allowed.
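The inbound-only check described in the answer above, as an added example that is not part of the original thread: a toy Python model of the question's topology, not Cisco IOS behaviour in full. The class and function names are hypothetical, and the MACs are the abbreviated ones from the question.

```python
# Toy model (added illustration): port security checks only the SOURCE MAC
# of frames arriving INBOUND on the secured port. Names are hypothetical.

class SwitchPort:
    def __init__(self, name, allowed=None):
        self.name = name
        # allowed=None means port security is not configured on this port
        self.allowed = set(allowed) if allowed is not None else None
        self.err_disabled = False
        self.violations = 0

    def ingress(self, src_mac):
        """Inbound frame: compare its source MAC with the secure MAC list."""
        if self.err_disabled:
            return False
        if self.allowed is not None and src_mac not in self.allowed:
            self.violations += 1
            self.err_disabled = True  # violation mode "Shutdown"
            return False
        return True

    def egress(self):
        """Outbound frame: never compared with the secure MAC list."""
        return not self.err_disabled


def send(ports, location, src, dst):
    """Forward one frame src -> dst; True if it crosses the switch."""
    in_port, out_port = ports[location[src]], ports[location[dst]]
    return in_port.ingress(src) and out_port.egress()


def ping(ports, location, a, b):
    """Echo request a -> b, then the reply b -> a."""
    return send(ports, location, a, b) and send(ports, location, b, a)


def build():
    ports = {"fa0/1": SwitchPort("fa0/1", allowed={"3333", "4444"}),
             "fa0/5": SwitchPort("fa0/5")}
    # pc2, pc3, pc4 sit behind the hub on fa0/1; pc5 is alone on fa0/5
    location = {"2222": "fa0/1", "3333": "fa0/1",
                "4444": "fa0/1", "5555": "fa0/5"}
    return ports, location


if __name__ == "__main__":
    ports, loc = build()
    print("pc5 <-> pc4:", ping(ports, loc, "5555", "4444"))
    print("pc5 <-> pc2:", ping(ports, loc, "5555", "2222"))
    print("fa0/1 err-disabled:", ports["fa0/1"].err_disabled)
```

In the model, the pc5 request always leaves through fa0/1 unchecked; it is the reply from pc2, arriving inbound with an unlisted source MAC, that trips the violation and shuts the port.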
szar Member Posts: 9
Thanks Heero, that was exactly the answer I wanted. I checked it out. First post, first answer. Keep up the good work.