Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

SG-300-28P Port Security


We currently have a few of these acting as access switches around our network.

These switches run our POE telephones and our Workstations. (Switch --> Phone --> Workstation).

Recently a user had brought a switch to the network and removed the telephone, he then plugged he's computer directly into the switch and a laptop he brought from home to download a few large files.

I am aware that there is an option under port security to set the max number of addresses allowed. The current Max is 1.

When I click a port in the web interface and go to edit there is two options [Interface Status] with a checkbox for "Lock" and [Learning Mode].

Learning Mode offers "Classic Lock and Dynamic Lock".

When clicking the "Lock" checkbox two options become available, "Dynamic Lock" where I can edit the number of Mac addresses however when using "Classic Lock" you cannot modify the amount of Mac addresses.

What does "Classic Lock" actually do since you cant edit the max number of mac addresses, the only options that become available when selecting the "Lock" checkbox and clicking "Classic Lock" is "Discard", "Forward" and "Shutdown"?

When clicking Limited Dynamic Lock you can select the number of mac addresses and again you have "Discard", "Forward" and "Shutdown"

Can someone explain what each option would do with the Limited Dynamic Lock?

Lastly, if I enable the Limited Dynamic Lock and put 1 as the max addresses would the telephones still work?

If not and I put this as 2, then couldnt the user just unplug he's telephone, put a switch and connect two machines again?

Thanks for your advice!

CreatePlease to create content