Does Switchport macadress security works with FA interfaces?

Bredal187 · ‎12-28-2016

Like the title says, is it suppose to work between switches FA interfaces?

I have two cata 2950 switches and i have set the switchport port-security mac-address sticky command on my Switch2 FA 0/1 port

I then connect switch1 FA 0/1 to switch2 FA 0/1 and everything works.

I then move the cable from switch1 FA0/1 to FA 0/2 and everything still works. I didnt lock down.

Is that because it is two switches?

Paul Chapman · ‎12-28-2016

Hi -

I don't think this command does what you think it does...

Let's assume that your configuration looks like this:

! ## Switch 1 ##
interface range fa0/1 - 47
 description Device Port
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
interface fa0/48
 description Link to Switch 2
 switchport mode trunk
!
! ## Switch 2 ##
interface range fa0/1 - 47
 description Device Port
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
interface fa0/48
 description Link to Switch 1
 switchport mode trunk

Sticky MAC records the MAC address of the first device that connects and tells the switch that it's the only device allowed to connect to that port.

If you were to move the same device to every port on the switch, then that device would be the only device allowed connect because it's MAC would be on every port.

Sticky MAC does not tell the switch that device's MAC must only connect to a single port.

PSC

Bredal187 · ‎12-29-2016

That makes sense, since each port doesnt have a unique mac address.

Thanks for reply :-)