Enabling port security

Unanswered Question
Nov 14th, 2008

I am enabling port security on all of my switchports. My goal is to stop users from adding small switches or unauthorized wireless APs to the network. If I use the command "Switchport port-security", this will limit the port to one MAC address. If a switch is plugged in and 2 machines are plugged into it, this should shut down the port? Also, if I use the command "Spanning-tree bpduguard", this should stop a wireless AP, which most likely would be doing NAT. The Catalyst switch would only see it as one MAC address, but it should send BPDU packets and thus the port would be shut down.

Am I right on this? Thanks.

Edison Ortiz Fri, 11/14/2008 - 08:53

Just be aware if you have VoIP in your network.

The switchport will have 3 MAC addresses associated with it.

As far as the BPDU, YES - if the AP sends BPDU and you have the SP BPDU enabled, the port will be disabled upon receiving the BPDU packet.

HTH,

Edison.
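
Added example, not part of the thread: a small audit of a switch configuration for the two controls discussed above, flagging access ports without port security or BPDU guard, and voice ports left at the one-MAC default. The sample configuration, interface names and VLAN number are constructed, and the threshold of 3 MAC addresses on voice ports is taken from the reply above.

```python
import re

# Constructed running-config excerpt; interface names and VLAN 20 are assumptions.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/2
 switchport mode access
 switchport voice vlan 20
 switchport port-security
 switchport port-security maximum 3
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/3
 switchport mode access
 switchport voice vlan 20
 switchport port-security
!
interface GigabitEthernet0/4
 switchport mode access
!
interface GigabitEthernet0/24
 switchport mode trunk
"""

def audit(config):
    """Return {interface: [findings]} for access ports only."""
    findings = {}
    for block in re.split(r"^interface\s+", config, flags=re.M)[1:]:
        lines = [l.strip() for l in block.splitlines()]
        name, body = lines[0], lines[1:]
        if "switchport mode access" not in body:
            continue  # trunks and uplinks are out of scope here
        issues = []
        if "switchport port-security" not in body:
            issues.append("port-security not enabled")
        else:
            # With no "maximum" line, the port allows one secure MAC address.
            m = [re.fullmatch(r"switchport port-security maximum (\d+)", l) for l in body]
            limit = next((int(x.group(1)) for x in m if x), 1)
            if any(l.startswith("switchport voice vlan") for l in body) and limit < 3:
                issues.append(f"voice port allows only {limit} MAC address(es)")
        # Per-interface check only; a global bpduguard default is not considered.
        if "spanning-tree bpduguard enable" not in body:
            issues.append("bpduguard not enabled")
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    for port, issues in audit(SAMPLE_CONFIG).items():
        print(port, "->", "; ".join(issues))
```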
