I am trying to understand a port security configuration.
I want to configure port security to only allow the addresses attached to the ports on the switch as they are right now.
I was trying to do this without entering every single mac-address.
I configured the ports as shown, depending on the number of devices attached (phone/workstation or just a phone or just a printer).
I configured a phone port as shown below, unplugged the existing phone and plugged in another and it came up just fine.
After that, I put the original phone mac address in rather than the "max 1" command and the port kept shutting down due to a violation after plugging the original phone back in.
My questions are:
Does the config shown allow "ANY" single mac address on the port?
Shouldn't the sticky add the mac from dynamic to static on the port?
What are the aging parts doing?
Would the port keep shutting down after entering the mac because the second phone mac-address I tried was in the port?
It seems that with "sticky" configured, the original phone would have entered the mac as a static address and not let me boot the second phone at all, but that was not the case.
I was able to put the first phone on the port and boot, then put the second phone on the port, remove it and put the first one back.
switchport port-security aging time 5
switchport port-security violation shutdown
switchport port-security aging type inactivity
switchport port-security mac-address sticky