May 24th, 2009

Hi All,

The scenario is that in my network there are three devices connected: 1 Cisco router and 2 L2 switches.

First, router 1 is connected to SW1, and SW1 is connected to SW2. SW2 has MAC security enabled; it only allows one MAC address, with security violation shutdown.

My problem is that SW1 is forwarding 2 MAC addresses to SW2: the router's MAC address and its own connected MAC. So SW2 is blocking the port connected to SW1. Is there any way to forward only the one MAC address of the router, instead of SW1's, to SW2?

Please suggest how I can solve this problem.

Thank You


Giuseppe Larosa Mon, 05/25/2009 - 02:49

Hello Ramesh,

Generally speaking, port security should be used only on user ports where end-user devices (PCs) are connected.

On a port that connects to another switch there is a potential to see multiple MAC addresses, even 200 or more!

So in a real-world deployment you should disable port security on ports that connect to other switches.

Hope to help


ramesh.karki Mon, 05/25/2009 - 03:43

Hi Giuseppe,

My scenario is quite stupid; let's say SW2 is out of my control (domain).

What would you suggest in this case?

Thank You,


Giuseppe Larosa Mon, 05/25/2009 - 12:25

Hello Ramesh,

If SW2 is out of your control, you can only connect the router directly to SW2.

In this way you are sure the only source MAC address is that of the router (if the interface is configured for routing).

Hope to help
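
Added example, not part of either poster's reply: a simplified Python model of a port-security port, replaying the two topologies discussed above (router behind SW1, and router cabled directly to SW2). The MAC addresses are constructed, the class and function names are hypothetical, and the `restrict` mode goes beyond the thread, which only mentions shutdown.

```python
from dataclasses import dataclass, field

# Constructed sample MACs (IANA documentation range), not from the thread.
ROUTER_MAC = "00:00:5e:00:53:01"
SW1_MAC = "00:00:5e:00:53:02"   # SW1's own port MAC, e.g. on frames SW1 originates


@dataclass
class SecurePort:
    """Simplified model of one switch port with port security enabled."""
    maximum: int = 1               # number of secure MAC addresses allowed
    violation: str = "shutdown"    # "shutdown" or "restrict" (only these are modelled)
    secure_macs: list = field(default_factory=list)
    err_disabled: bool = False
    violations: int = 0

    def receive(self, src_mac: str) -> bool:
        """Process one ingress frame; return True if it is forwarded."""
        mac = src_mac.lower()
        if self.err_disabled:
            return False                   # port is down until re-enabled
        if mac in self.secure_macs:
            return True                    # already a secure address
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.append(mac)   # learn it as a secure address
            return True
        self.violations += 1               # unknown source, table is full
        if self.violation == "shutdown":
            self.err_disabled = True       # the whole port is blocked
        return False                       # offending frame is dropped


def replay(source_macs, **port_settings):
    """Feed a sequence of source MACs to a fresh port; return (port, results)."""
    port = SecurePort(**port_settings)
    return port, [port.receive(mac) for mac in source_macs]


if __name__ == "__main__":
    # Router -> SW1 -> SW2: SW2 sees the router's MAC and SW1's own MAC.
    port, results = replay([ROUTER_MAC, SW1_MAC, ROUTER_MAC])
    print("via SW1:", results, "err-disabled:", port.err_disabled)
    # Router -> SW2 directly: only the routed interface's MAC is seen.
    port, results = replay([ROUTER_MAC, ROUTER_MAC, ROUTER_MAC])
    print("direct: ", results, "err-disabled:", port.err_disabled)
```
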


ramesh.karki Mon, 05/25/2009 - 20:02

Hi Giuseppe,

It means there is no such way to forward a single MAC address connected to one switch from another switch.

Thanks for your kind help.


