I have been working on a Cisco Catalyst 2960 in an academic library setting. I have connected an unmanaged switch to 0/4 for public terminal connections, of which there are currently ten. In order to prevent library patrons from unplugging the network cable to the public terminals and connecting their own laptops, I have implemented MAC address security on the port to which the unmanaged switch is connected.
There are a few other data outlets in the library, which the librarians wish to use by connecting their laptops for presentations and tutorial sessions. Due to limited space on the 2960 Catalyst, I connected those various data ports to the unmanaged switch, and added the librarians' laptops' MAC addresses to the list of permitted addresses -- the goal was to enable the ports only for library staff, and not for public use.
All was well until later, when we discovered that one of the librarians, whose laptop is her primary system, could not connect from any other port on the Catalyst 2960 -- _only_ on port 0/4, where her MAC address was in the list.
In all the documentation I've read I have found nothing that would suggest this as a byproduct of using port security based on MAC address learning. At least in my understanding, having her MAC address in the list should have -allowed- her computer on that port and not affected any of the other ports at all.
Is my understanding incorrect? If not, has anyone else encountered this anomaly? If so, how did you resolve it? -Did- you resolve it?