
Switchport MAC Max 1 behavior

KPWright Member Posts: 44
Folks,

My references aren't particularly clear (or I can't tell that they are) with respect to port security.

Can anyone confirm the behavior of a switch port when the following is invoked:

Switch(config-if)# switchport port-security maximum 1
Switch(config-if)# switchport port-security

Specifically, does the port simply restrict connections to a single MAC at a time (i.e. no additional distribution) or does it capture the first MAC connected and only allow that one (pending initialization)? Assume nothing is done with "Sticky".

Thanks for the help.

Kevin

Comments

  • laidbackfreak Member Posts: 991
    "switchport port-security maximum 1"

    This command will allow 1 MAC address to use the port; all others will be denied.

    The "sticky" option will retain it and add it to the running config.

    If you haven't saved the config, on reboot the "sticky" will have to re-learn them.

    hth
    if I say something that can be taken one of two ways and one of them offends, I usually mean the other one :-)
  • ColbyG Member Posts: 1,264
    The default behavior is to shut the port down. If you want the port to stay up, but prevent more than one MAC at a time you would use "protect" or "restrict". We use restrict on all of our ports here.
  • KPWright Member Posts: 44
    Thanks for the feedback.

    I did manage to find a place to lab this out later in the evening. Looks like the port will be secured for the first MAC seen connected once the port-security command is invoked. So if multiple hosts are connected, the first one to transmit wins. Clearing this does not require shutdown of the switch, but does require shut / no shut on the interface before another MAC can be captured.

    Thanks again.

    Kevin
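
The settings discussed in this thread, collected into one IOS session as an added example (not posted by any participant). The interface name GigabitEthernet0/1 is an assumption; the `!` lines are comments.

```cisco
! Added example. GigabitEthernet0/1 is an assumed interface name.
configure terminal
interface GigabitEthernet0/1
 ! Port security needs a static access (or trunk) port, not a dynamic one.
 switchport mode access
 ! Allow one secure MAC. Without sticky or a static entry it is learned
 ! dynamically from the first source MAC seen on the port.
 switchport port-security maximum 1
 ! Default violation mode is shutdown (port goes err-disabled).
 ! restrict: drop frames from other MACs, keep the port up, count and log.
 ! protect:  drop frames from other MACs silently.
 switchport port-security violation restrict
 ! None of the above takes effect until port security is enabled:
 switchport port-security
end
!
! Check the violation mode, the learned address and the violation counter:
show port-security interface GigabitEthernet0/1
show port-security address
!
! Release the dynamically learned MAC so a different host can be learned
! (the shut / no shut described in the thread):
configure terminal
interface GigabitEthernet0/1
 shutdown
 no shutdown
end
```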