Port-Security vs Mac Access list

Unanswered Question
Nov 4th, 2013
User Badges:

We made a mac access-list to block a especific vendor:

mac access-list extended list1
deny vendorID 0000.00ff.ffff any
deny vendorID 0000.00ff.ffff any

permit any any

and applied on interfaces...

interface fa0/1

mac access-group list1 in

We also have a port-security enabled on this interface.


I was trying to simulate on packet tracer, but it doesn´t suporte mac access-list.

My doubt is what will be checked first. Port-Security or Access-list.

If I block a mac in a list it will activate port-security or it will be blocked first before generating the port violation?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jose Solano Thu, 11/07/2013 - 15:06
User Badges:
  • Silver, 250 points or more


In this case what is the port-security configuration that you have applied on the interface? I would say for example that if you have a port security maximum 3 that will only trigger a violation in case another mac add is received in the port once the 3 allowed are already there, that said if you are blocking the macs from that vendor those will not get to be received on the port therefore the port-security will not be trigger.


This Discussion