I am enabling port security on all of my switchports. My goal is to stop users from adding small switches or unauthorized wireless AP's to the network. If I use the command âSwitchport port-securityâ this will limit the port to one MAC address. If a switch is plugging in and 2 machines are plugged into in to it, this should shutdown the port? Also. if I use the command âSpanning-tree bpduguardâ this should stop a wireless AP who most like would be doing NAT. The catalyst switch would only see it as one MAC address, but it should send BPDU packets and thus the port would be shutdown.
Am I right on this? Thanks.