Enabling port security

Nov 14th, 2008

I am enabling port security on all of my switchports. My goal is to stop users from adding small switches or unauthorized wireless APs to the network. If I use the command “Switchport port-security”, this will limit the port to one MAC address. If a switch is plugged in and 2 machines are plugged into it, this should shut down the port? Also, if I use the command “Spanning-tree bpduguard”, this should stop a wireless AP, which most likely would be doing NAT. The Catalyst switch would only see it as one MAC address, but it should send BPDU packets and thus the port would be shut down.

Am I right on this? Thanks.

Edison Ortiz Fri, 11/14/2008 - 08:53

Just be aware if you have VoIP in your network.

The switchport will have 3 MAC addresses associated with it.

As far as the BPDU, YES - if the AP sends BPDU and you have the SP BPDU enabled, the port will be disabled upon receiving the BPDU packet.
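An added example, not part of the thread and not Cisco tooling: a small Python audit that reads an IOS-style running-config and reports access ports missing the two settings discussed above, plus voice ports whose MAC limit is below the figure given in the reply. The sample config, interface names and the `VOICE_MIN_MACS` name are constructed for illustration, and the check only looks at interface-level commands.

```python
import re
# Constructed sample running-config (illustrative, not from the thread).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport voice vlan 20
 switchport port-security
!
interface FastEthernet0/2
 switchport mode access
 switchport voice vlan 20
 switchport port-security
 switchport port-security maximum 3
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/1
 switchport mode trunk
"""
VOICE_MIN_MACS = 3  # figure from the reply above; an assumption to tune

def parse_interfaces(config):
    """Map each interface name to its list of sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return interfaces

def audit(config, voice_min=VOICE_MIN_MACS):
    """Return {interface: [findings]} for access ports only."""
    report = {}
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode access" not in cmds:
            continue  # trunks and uplinks are out of scope here
        found = []
        if "switchport port-security" not in cmds:
            found.append("port-security not enabled")
        m = re.search(r"^switchport port-security maximum (\d+)$", "\n".join(cmds), re.M)
        limit = int(m.group(1)) if m else 1  # IOS default is one MAC
        if any(c.startswith("switchport voice vlan") for c in cmds) and limit < voice_min:
            found.append(f"voice port allows {limit} MAC(s), fewer than {voice_min}")
        if "spanning-tree bpduguard enable" not in cmds:
            found.append("bpduguard not enabled on the interface")
        if found:
            report[name] = found
    return report
```

Calling `audit(SAMPLE_CONFIG)` flags only `FastEthernet0/1`, which has a voice VLAN but the default one-MAC limit and no BPDU guard.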




