port_security with switch hub
szar
Hello, I have a question about port security. I have connected a switch to a hub (on Fa0/1) with 3 PCs behind that hub (pc2 with MAC .2222, pc3 with .3333, pc4 with .4444), and a separate PC (pc5) on port Fa0/5 of the switch, outside the hub. The port security config allows 2 MACs (4444, 3333). When I ping from pc5 to pc2 inside the hub, of course the port is blocked. But when I ping between pc5 and pc4, packets are allowed. I know that pc4 is allowed to send (through Fa0/1), but shouldn't pc5's source frame with MAC 5555 be blocked also?
log
Switch#show port-security interface fastEthernet 0/1
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 2
Total MAC Addresses : 2
Configured MAC Addresses : 2
Sticky MAC Addresses : 0
Last Source Address:Vlan : 0000.0000.0000:0
Security Violation Count : 0
Comments
gorebrush
Think about it - port security is just that - port...
You've configured port security on Fa0/1 - so it only applies to that port. Every other device on every other port will not be affected.
Heero
Port security is based on the SOURCE MAC ADDRESS of an INBOUND FRAME on the port that port-security is configured on.
If pc5 pings pc4, the echo-request will make it to pc4 without ever being looked at by port-security since it is sent OUTBOUND on port fa0/1. When pc4 responds with an echo-response, it will be examined by port security on fa0/1 because the frame is coming INBOUND to the port. The source mac will be .4444 (pc4) and it will be allowed.
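The ingress-only check described in the answer above, as a small Python model added here as an example (it is not part of the original thread). The full MAC addresses are constructed from the suffixes in the post, the class and function names are hypothetical, and ARP and MAC learning are left out.

```python
# Added illustration (not from the thread): port security checks ingress only.
# MACs are constructed from the suffixes in the post; ARP and MAC learning are omitted.
from dataclasses import dataclass
from typing import Optional

PC2, PC3, PC4, PC5 = (f"0000.0000.{n}" for n in ("2222", "3333", "4444", "5555"))

@dataclass
class Port:
    name: str
    secure_macs: Optional[frozenset] = None  # None: port security not configured
    err_disabled: bool = False
    violations: int = 0

    def ingress(self, src_mac: str) -> bool:
        """Source MAC of a frame entering the port is compared with the secure list."""
        if self.err_disabled:
            return False
        if self.secure_macs is not None and src_mac not in self.secure_macs:
            self.violations += 1
            self.err_disabled = True  # violation mode "Shutdown", as in the log
            return False
        return True

    def egress(self) -> bool:
        """Frames leaving the port are not compared with the secure list."""
        return not self.err_disabled

class Switch:
    def __init__(self, ports, attached):
        self.ports = {p.name: p for p in ports}
        self.attached = attached  # MAC -> switch port (hub hosts share Fa0/1)

    def forward(self, src: str, dst: str) -> bool:
        """True if one frame from src is delivered towards dst."""
        return (self.ports[self.attached[src]].ingress(src)
                and self.ports[self.attached[dst]].egress())

    def ping(self, a: str, b: str) -> bool:
        """Echo request a->b, then echo reply b->a."""
        return self.forward(a, b) and self.forward(b, a)

def build_lab() -> Switch:
    fa01 = Port("Fa0/1", secure_macs=frozenset({PC3, PC4}))
    fa05 = Port("Fa0/5")  # pc5's port: no port security
    attached = {PC2: "Fa0/1", PC3: "Fa0/1", PC4: "Fa0/1", PC5: "Fa0/5"}
    return Switch([fa01, fa05], attached)

if __name__ == "__main__":
    lab = build_lab()
    print("pc5 <-> pc4:", lab.ping(PC5, PC4))
    print("pc5 <-> pc2:", lab.ping(PC5, PC2))
    print("Fa0/1 violations:", lab.ports["Fa0/1"].violations)
```

In the model, pc5's frame with source 5555 is only ever checked on Fa0/5, which has no secure list; the violation on Fa0/1 comes from pc2's reply entering that port.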
szar
Thanks Heero, that was exactly the answer I wanted. I checked it out. First post, first answer.
Keep up the good work.