We have 3750G stacks that were recently configured with port-security mac-address sticky on all access ports. A good question was raised about whether this is the best or not for our needs, seeing as half of our users use laptops/docking stations. We need these users to have mobility around the office, e.g. undocking their laptop and bringing it to the conference room to use for a presentation. I've read the manual about how to configure these things, but am not sure what the best strategy/practice is.
So, to allow this mobilty but still use port-security, is using the sticky command a good idea? Or would that be best served for static things like desktops and printers, etc? Is there a global command that can be issued to allow secure MAC addresses to move between ports on the stack? If sticky isn't the thing to use, what is? Maybe just a simple config on each laptop port such as:
switchport mode access
switchport port-security maximum 2
switchport port-security violation restrict
switchport port-security aging type inactivity
switchport port-security aging time 60
Thanks in advance.