Port Security?

I have a question about an S1 0/0 connected to S2 0/1:

S1: interface S0/0
switchport mode access
switchport port-security
switchport port-security max 1
switchport port-security mac-address sticky
speed auto
duplex auto

S2: interface s0/1
switchport mode access
switchport port-security
switchport port-security max 1
switchport port-security mac-address sticky
speed auto
duplex auto

but let's say S2 has a boat load of connections, what mac address would populate within the cam table?

Find more posts tagged with

Comments

tunerX

UsualSuspect7 wrote: »

I have a question about an S1 0/0 connected to S2 0/1:

S1: interface S0/0
switchport mode access
switchport port-security
switchport port-security max 1
switchport port-security mac-address sticky
speed auto
duplex auto

S2: interface s0/1
switchport mode access
switchport port-security
switchport port-security max 1
switchport port-security mac-address sticky
speed auto
duplex auto

but let's say S2 has a boat load of connections, what mac address would populate within the cam table?

The first one learned on the port.

UsualSuspect7

tunerX wrote: »

The first one learned on the port.

So it would learn the mac of the S2, but would it allow all other devices connected to S2 to communicated with S1?

tunerX

You set the max to 1. Once there is one mac learned from the first frame received... that's the end of it.

Any frame received with a different source mac address will cause the port to error/operate based on your settings.

UsualSuspect7

tunerX wrote: »

You set the max to 1. Once there is one mac learned from the first frame received... that's the end of it.

Any frame received with a different source mac address will cause the port to error/operate based on your settings.

So when connected a Switch to another Switch it's not recommended to use port security? or at least not set a max value?

Danielh22185

UsualSuspect7 wrote: »

So when connected a Switch to another Switch it's not recommended to use port security? or at least not set a max value?

No. The purpose of port security is to control user access. Now there are some mechanisms like root guard that protect the switch from giving up it's root status to another one that might come along that has a better BID but switch-to-switch connections should not have port-security. The idea behind that is because they that trunk link is a trusted network connection that should not be changing often like a user port would.

TechGromit

UsualSuspect7 wrote: »

So when connected a Switch to another Switch it's not recommended to use port security? or at least not set a max value?

I assume you don't mean with fiber, you mean to connecting one switch to another using Cat. 5 cable, plugging it into one of the ports on the switch. Since you have port security, Switch 1, will learn the Mac address of switch 2 and it will allow it to work perfectly fine, but once you plug other devices into Switch 2, Switch 1 will reject all the traffic from those devices. Switch 2 devices will be restricted to only talking to each other on switch 2. What are you trying to accomplish here? Are you learning/studying or you trying to secure your network?