We recently purchased a new SF300; the main goal was to use the port security option as a NAC.
I was expecting to be able to define a list of authorized MAC addresses, but unfortunately it's not the case.
I used port security on "Classic Lock".
Knowing that I can't have all computers connected at the same time (because of displacement), when someone who is to be authorized is here I'm forced to disable the security so that the switch can learn his MAC address.
The problem is that when I do it, MAC addresses that are already learnt are forgotten if they are disconnected from the LAN, and when someone changes his position in the LAN, he's blocked from accessing the network.
As a reminder, my goal is to give access to the network based on the MAC address or the domain name (authorize computers that are part of OurDomain.com).
N.B.: In our architecture each room has a small switch, and those switches are connected to the "central one", which is the Cisco SF300.
Dynamic ARP inspection does this. Bind a MAC to an IP on the trust list, make the client connecting ports "unsecured" (meaning subject to the ARP inspection), then make the interconnect ports "secure" (meaning not subject to ARP inspection).
I will tell you one thing: before messing with DAI, make sure you make an entry for at least the host you're using, otherwise you will hose up that switch.
Please mark answered for helpful posts
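
The check described in the answer, modelled in Python as an added example (not part of the original thread, and not the switch's own logic): ARP packets on inspected ports are forwarded only if the sender MAC/IP pair is on the binding list, and a pre-flight function lists hosts that would be cut off when inspection is turned on. Port names, MAC addresses and IP addresses are constructed, and the model assumes a static binding list only.

```python
import struct

# Constructed sample data: port names, MACs and IPs are illustrative only.
BINDINGS = {"10.0.0.10": "00:11:22:33:44:55",   # admin workstation
            "10.0.0.21": "00:11:22:33:44:66"}   # authorized laptop
UNINSPECTED_PORTS = {"gi1"}  # interconnect port ("secure" in the answer's wording)


def build_arp(sender_mac, sender_ip, target_ip, op=1):
    """Build a 28-byte Ethernet/IPv4 ARP payload (op 1 = request, 2 = reply)."""
    mac = bytes.fromhex(sender_mac.replace(":", ""))
    sip = bytes(int(o) for o in sender_ip.split("."))
    tip = bytes(int(o) for o in target_ip.split("."))
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op, mac, sip, bytes(6), tip)


def parse_sender(payload):
    """Return (sender_mac, sender_ip) from an ARP payload, or None if malformed."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, _op, mac, sip = struct.unpack("!HHBBH6s4s", payload[:18])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return mac.hex(":"), ".".join(str(b) for b in sip)


def inspect(port, payload, bindings=BINDINGS, uninspected=UNINSPECTED_PORTS):
    """Decide what happens to an ARP packet arriving on `port`."""
    if port in uninspected:
        return "forward"            # port is not subject to inspection
    sender = parse_sender(payload)
    if sender is None:
        return "drop"               # malformed ARP on an inspected port
    mac, ip = sender
    return "forward" if bindings.get(ip, "").lower() == mac else "drop"


def unbound_hosts(hosts, bindings=BINDINGS):
    """Pre-flight check: (ip, mac) hosts that would be cut off once inspection is on."""
    return [(ip, mac) for ip, mac in hosts if bindings.get(ip, "").lower() != mac.lower()]
```

In this model a binding carries no port, so a listed host gets the same verdict on any inspected port; running `unbound_hosts` against the management workstation before enabling inspection is the lockout check the answer warns about.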