Port Security?
UsualSuspect7 (Member, Posts: 97)
in CCNA & CCENT
I have a question about an S1 0/0 connected to S2 0/1:
S1: interface S0/0
switchport mode access
switchport port-security
switchport port-security max 1
switchport port-security mac-address sticky
speed auto
duplex auto
S2: interface s0/1
switchport mode access
switchport port-security
switchport port-security max 1
switchport port-security mac-address sticky
speed auto
duplex auto
but let's say S2 has a boat load of connections, what mac address would populate within the cam table?
CISSP, CCENT, CCNA R/S, CCNA Cyber OPs, Security+, CySA+, PenTest+, Network+, Microsoft AZ-900, InsightVM CA
Comments
tunerX (Member, Posts: 447)
UsualSuspect7 wrote: »I have a question about an S1 0/0 connected to S2 0/1:
S1: interface S0/0
switchport mode access
switchport port-security
switchport port-security max 1
switchport port-security mac-address sticky
speed auto
duplex auto
S2: interface s0/1
switchport mode access
switchport port-security
switchport port-security max 1
switchport port-security mac-address sticky
speed auto
duplex auto
but let's say S2 has a boat load of connections, what mac address would populate within the cam table?

The first one learned on the port.
UsualSuspect7 (Member, Posts: 97)
tunerX wrote: »The first one learned on the port.

So it would learn the mac of the S2, but would it allow all other devices connected to S2 to communicate with S1?
CISSP, CCENT, CCNA R/S, CCNA Cyber OPs, Security+, CySA+, PenTest+, Network+, Microsoft AZ-900, InsightVM CA
tunerX (Member, Posts: 447)
You set the max to 1. Once there is one mac learned from the first frame received... that's the end of it.
Any frame received with a different source mac address will cause the port to error/operate based on your settings.
UsualSuspect7 (Member, Posts: 97)
tunerX wrote: »You set the max to 1. Once there is one mac learned from the first frame received... that's the end of it.
Any frame received with a different source mac address will cause the port to error/operate based on your settings.

So when connecting a switch to another switch, is it not recommended to use port security? Or at least not set a max value?
CISSP, CCENT, CCNA R/S, CCNA Cyber OPs, Security+, CySA+, PenTest+, Network+, Microsoft AZ-900, InsightVM CA
Danielh22185 (Member, Posts: 1,195)
UsualSuspect7 wrote: »So when connecting a switch to another switch, is it not recommended to use port security? Or at least not set a max value?

No. The purpose of port security is to control user access. Now there are some mechanisms like root guard that protect the switch from giving up its root status to another one that might come along that has a better BID, but switch-to-switch connections should not have port-security. The idea behind that is that the trunk link is a trusted network connection that should not be changing often like a user port would.
Currently Studying: IE Stuff...kinda...for now...
My ultimate career goal: To climb to the top of the computer network industry food chain.
"Winning means you're willing to go longer, work harder, and give more than anyone else." - Vince Lombardi
TechGromit (Member, Posts: 2,156)
UsualSuspect7 wrote: »So when connecting a switch to another switch, is it not recommended to use port security? Or at least not set a max value?

I assume you don't mean with fiber, you mean connecting one switch to another using Cat. 5 cable, plugging it into one of the ports on the switch. Since you have port security, Switch 1 will learn the MAC address of Switch 2 and it will allow it to work perfectly fine, but once you plug other devices into Switch 2, Switch 1 will reject all the traffic from those devices. Switch 2 devices will be restricted to only talking to each other on Switch 2. What are you trying to accomplish here? Are you learning/studying or trying to secure your network?
Still searching for the corner in a round room.