606 Views, 5 Helpful, 1 Reply

Port Security on a Trunk or Backbone

deanfourie
Level 1

So, I've been chasing the dragon on this one for a while now, and I really haven't reached a clear resolution.

Sure, I understand that port security is a physical layer of security, based on the port and the device attached and nothing else.

So, how do I set port security for a backbone to another switch?

I have a switch sitting in the middle of nowhere and I need to secure it. I have 3 ports, all in one VLAN. One of these ports is a backbone (not a trunk) to another switch, and I need to secure it from someone plugging into it. So I set port security on the port with 0 dynamic and 1 static, and boom, I have 1 static entry. All is good; however, now I get multiple violations for devices that are broadcasting or communicating on that VLAN. Basically, I have 1 static MAC set, but if that port receives a packet from a MAC not in the static list, it violates.

Another example. I have a Wi-Fi AP set up and have port-security enabled on the switchport the AP is connected to. I found that I can actually manage clients using port-security. So, if a Wi-Fi client wants to connect to the AP and get network access, I need to add that client to the static MAC entries, otherwise they fail to obtain a lease. I guess this is because the device is connecting at layer 2 over the AP and the client is not in the static list for port-security on that port. Kind of makes sense.

So, port security is actually restricting traffic in this case. Is the same happening for my VLAN backbone connection, as I am getting so many violations, and do I need to set my static count to all devices in the VLAN?

Also, is this the best way to be approaching this? Is there a better method?

Thanks in advance.
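One way to lay out the three-port switch the post describes, shown here as an added example written for this page rather than anything from the original thread or from Cisco documentation. The interface names, the VLAN number and the client count of 20 are assumptions; the commands themselves are standard Cisco IOS port-security syntax.

```cisco
! Added example (not from the original post). Interface names, VLAN 10 and the
! client count are assumptions; replace them with the real values.
!
! Access port for a single wired host: one MAC address, learned dynamically and
! written into the running config ("sticky"), so no MAC has to be typed by hand.
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation restrict
!
! Port facing the Wi-Fi AP: each wireless client is a separate source MAC on this
! port, so the limit must cover the AP plus the expected number of clients
! (20 is an assumed figure). "restrict" drops frames from extra MACs and logs a
! violation instead of err-disabling the port and taking the whole AP offline.
interface GigabitEthernet1/0/2
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 20
 switchport port-security mac-address sticky
 switchport port-security violation restrict
!
! Inter-switch link: the source MAC of every host behind the far switch arrives
! on this port, so a maximum of 1 yields exactly the violations the post reports.
! This layout leaves port security off the link and relies on physically securing
! the far-end switch and the cable run instead.
interface GigabitEthernet1/0/3
 switchport mode access
 switchport access vlan 10
 no switchport port-security
!
! If a port does go err-disabled on a violation, bring it back automatically
! after 300 seconds rather than requiring a manual shut/no shut.
errdisable recovery cause psecure-violation
errdisable recovery interval 300
```

Two practical notes: port security is rejected on a port whose mode is still dynamic (DTP), which is why each interface is pinned to `switchport mode access` first, and sticky addresses only survive a reload once the running config is saved. `show port-security interface GigabitEthernet1/0/2` reports the current address count, the violation counter and the port status, and `show port-security address` lists which MAC addresses were learned on which port, which is the quickest way to confirm whether an AP or uplink port is the one tripping the limit.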

1 Reply