PORT1 has a "Secure MAC Address" added (MAC1) and port security set to lock down on a security violation.
PORT2 has no port security.
PORT2 is mirrored to PORT10.
I plugged a device with MAC1 into PORT2 and started capturing the traffic via PORT10.
MAC1 made requests on PORT2 but I believe no responses were delivered to PORT2.
Lunchtime conversation at work led to one guy declaring this is not standard IOS behaviour and is some quirk on the SG300.
Is this standard Cisco switch behaviour? Just SG300 behaviour (SG300 does not run IOS)? Or am I mistaken on what I thought I saw?
In hindsight I note that to add the "Secure MAC Address" one does visit "MAC Address Tables->Static Addresses", click "Add" and enter a MAC address, selecting "Secure" as the status. This does imply MAC1 is bound to a port and cannot roam. Is this the right way to configure port lockdown?
The design is supposed to be similar to the Enterprise counterpart, where if a MAC is learned on a port or statically set with port security then it should not be learned anywhere else. That traffic will not be forwarded to that MAC address because it will only be seen on the port it was learned.
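A simplified model of the behaviour described in the reply above, added here as an example; it is not from the thread or from Cisco and is not SG300 firmware logic. The `SRV` host, `PORT3`, and the choice to still forward the request that arrives on PORT2 are assumptions.

```python
class Switch:
    """Toy MAC table: static 'Secure' entries are pinned to one port."""

    def __init__(self, ports):
        self.ports = set(ports)
        self.secure = {}   # MAC -> port, static secure entries
        self.dynamic = {}  # MAC -> port, ordinary learned entries

    def add_secure(self, mac, port):
        self.secure[mac] = port
        self.dynamic.pop(mac, None)

    def learn(self, mac, port):
        """Return True if the source MAC is now associated with this port."""
        if mac in self.secure:
            return self.secure[mac] == port  # never relearned elsewhere
        self.dynamic[mac] = port             # ordinary entries may move
        return True

    def lookup(self, mac):
        return self.secure.get(mac) or self.dynamic.get(mac)

    def egress(self, src, dst, in_port):
        """Ports the frame leaves on. Assumption: the frame is forwarded
        even when src is secure on another port, since in_port itself
        has no port security."""
        self.learn(src, in_port)
        out = self.lookup(dst)
        if out is None:
            return self.ports - {in_port}    # unknown unicast: flood
        return set() if out == in_port else {out}


def capture(switch, frames, mirrored_port):
    """Frames a mirror of mirrored_port would record (ingress or egress)."""
    seen = []
    for src, dst, in_port in frames:
        out = switch.egress(src, dst, in_port)
        if in_port == mirrored_port or mirrored_port in out:
            seen.append((src, dst))
    return seen


def demo():
    sw = Switch(["PORT1", "PORT2", "PORT3"])
    sw.add_secure("MAC1", "PORT1")
    frames = [                      # constructed sample traffic
        ("SRV", "MAC1", "PORT3"),   # switch learns SRV on PORT3
        ("MAC1", "SRV", "PORT2"),   # request from the device moved to PORT2
        ("SRV", "MAC1", "PORT3"),   # response: egress is PORT1, not PORT2
    ]
    return capture(sw, frames, "PORT2"), sw.lookup("MAC1")
```

In this model a capture on the mirror of PORT2 records only the request, because every frame addressed to MAC1 leaves on PORT1.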
Re: Simple "Secure MAC Address" Behaviour Question
That would therefore suggest IOS would do similar. Many thanks for confirming this (and for your time).
As a real world example, say one had wireless access points on PORT1 and PORT2: does that mean that wireless client MAC addresses would not be allowed to roam between these 2 access points if port security is set on those 2 ports (or at least if the addresses were learned, until they automatically aged out or were manually cleared)?
So if PORT1 (with DownstairsAP) had learnt automatically LAPTOP1's MAC then LAPTOP1 would not be allowed to use the wireless access point on PORT2 (with UpstairsAP) until it expired from PORT1?