Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

Port-Security vs Mac Access list

We made a mac access-list to block a especific vendor:

mac access-list extended list1
deny vendorID 0000.00ff.ffff any
deny vendorID 0000.00ff.ffff any

permit any any

and applied on interfaces...

interface fa0/1

mac access-group list1 in

We also have a port-security enabled on this interface.

 

I was trying to simulate on packet tracer, but it doesn´t suporte mac access-list.

My doubt is what will be checked first. Port-Security or Access-list.

If I block a mac in a list it will activate port-security or it will be blocked first before generating the port violation?

Thanks.

1 REPLY
Silver

Re: Port-Security vs Mac Access list

Hi,

In this case what is the port-security configuration that you have applied on the interface? I would say for example that if you have a port security maximum 3 that will only trigger a violation in case another mac add is received in the port once the 3 allowed are already there, that said if you are blocking the macs from that vendor those will not get to be received on the port therefore the port-security will not be trigger.

626
Views
0
Helpful
1
Replies
CreatePlease to create content