my goal is to limit 1 mac address per port and restrict any unauthorized hub or switch.
I have port-security enabled and set maximum mac to 1. I enabled spanning-tree portfast bpduguard default, and all access ports are spanning-tree portfast enabled.
this works well in most cases. but what if someone were to connect the WAN interface of a Linksys router to the switch interface. because the Linksys does NAT, I can have several devices connected to it and the switch should only see 1 address.
What other IOS security feature can I implement to prevent this? If none, what are my alternatives? thanks.