Re: Port Security on Cat 5500

mvaillancourt · ‎04-07-2003

I am looking at implementing Port Security on our Cat 5500 by using the set port security <port range> enable. The way i understand this command to work, it will make the switch learn the MAC addresses of the devices already plugged into those ports. If this is true, what happens if nothing is plugged into a port this command was applied to? Will you be able to plug a device into the port and have it work or do you have to tell the port about the new MAC address.

tcross3 · ‎04-07-2003

When you use port security it will lear the mac of any device pluged in. If no device is pulged in and the mac has aged out then a new device can be plugged in. For example, a notebook user plugs in. The switch will look that port to that mac address. the user works for 3 minutes. A new users plugs in. If you timers are set for 15 minutes. That port will security disable for 15 minutes. Here is the catch. If the deivce is connected even if it is powered off (more on this later) the switch at the end of 15 minutes will look for the last seen mac address. It will not see it and then start another 15 minute countdown. Some computers have wake on lan which keeps the port up. To clear a mac address from port security, clear port security on the switch port or physicall unplug the patch cord for the entire time out period +10 seconds for good measure. Also note if you have a hub connected on the first seen mac address will work, you should disable port security on any ports that are connected to hubs or switches.

mvaillancourt · ‎04-29-2003

So if I unplug a device for the 15 minute countdown +10 seconds, the switch will clear the MAC address out and be available for a new device to plug in? If this is true, then I could set the timer to 0 minutes and lock a port to that MAC unless it was manually cleared. Would that be correct?