Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Enabling port security

I am enabling port security on all of my switchports. My goal is to stop users from adding small switches or unauthorized wireless AP's to the network. If I use the command “Switchport port-security“ this will limit the port to one MAC address. If a switch is plugging in and 2 machines are plugged into in to it, this should shutdown the port? Also. if I use the command “Spanning-tree bpduguard” this should stop a wireless AP who most like would be doing NAT. The catalyst switch would only see it as one MAC address, but it should send BPDU packets and thus the port would be shutdown.

Am I right on this? Thanks.

1 REPLY
Hall of Fame Super Bronze

Re: Enabling port security

Just be aware if you have VoIP in your network.

The switchport will have 3 MAC-Address associated to it.

As far as the BPDU, YES - if the AP sends BPDU and you have the SP BDPU enabled, the port will be disabled upon receiving the BPDU packet.

HTH,

__

Edison.

195
Views
4
Helpful
1
Replies