Currently we are about to implement port-security to keep people from plugging switches into cube ports. I am aware and have used the sticky-mac authentication, coupled with protect violation mode via:
switchport mode access
switchport port-security violation protect
This is a problem, however, when people want to plug their laptops into other peoples jacks (showing them sales figures, etc) and will add to some administration headache.
The real reason we will be implementing this policy is to eliminate the ability for people to plug in switches.
Is there any way to allow only one MAC address across a port (to allow people to plug in their laptops in multiple cube jacks) but not allow multiple macs from coming down from one port (and thus eliminating the possibility someone will plug in a switch)?
Even if I allow...say...the port to learn 10 mac addresses...it is still possible one of those macs will be a switch...which is what we wish to squash.