09-30-2021 02:42 AM
Hi there,
So my question is regarding port-security. Is this function purely physical for the device attached only?
I would like to know, if I add port security on say interface 1/0/48, will the interface receive broadcasts from other macs if say I have
switchport port-security
switchport port-security maximum 1
switchport port-security violation protect
switchport port-security mac-address sticky 00:01:02:03:04:05
Will the port still be able to receive layer 2 traffic from other broadcasting and communicating clients?
The reason I ask this is I am looking for a solution for securing ARP. I don't want any rogue ARP requests sent, so I'm hoping I can use port-security to block such traffic.
Thanks!
09-30-2021 03:01 AM
switchport port-security mac-address sticky 00:01:02:03:04:05
Applying this config on the interface restricts the port to only that MAC address; if any connected device has a different MAC address, the port will be disabled (depending on the config).
If you do not mention any access port VLAN information, then it will be the default VLAN 1, so all of VLAN 1 can access this device (if I understand your question correctly?).
09-30-2021 03:14 AM
I understand how port security works, but I think you're misinterpreting my question.
Thanks
09-30-2021 03:22 AM
Will the port still be able to receive layer 2 traffic from other broadcasting and communicating clients?
Yes - I have addressed this in the above post.
I understand how port security works, but I think you're misinterpreting my question.
What have I missed? Please explain, so I can address it correctly.
10-03-2021 02:15 PM
Ok thank you!
09-30-2021 04:52 PM
DAI with DHCP snooping support, for rogue ARP.
10-03-2021 02:16 PM
Excellent, thanks, I'll look into this.
10-29-2021 10:55 AM
Hello
@deanfourie wrote:
Hi there,
So my question is regarding port-security. Is this function purely physical for the device attached only?
I would like to know, if I add port security on say interface 1/0/48, will the interface receive broadcasts from other macs if say I have
switchport port-security
switchport port-security maximum 1
switchport port-security violation protect
switchport port-security mac-address sticky 00:01:02:03:04:05
Will the port still be able to receive layer 2 traffic from other broadcasting and communicating clients?
Port security is applied to the attached device, but it is not negating ARP spoofing or broadcast; to do that you would need to apply DAI/IPSG in conjunction with DHCP snooping.
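A simplified model of the distinction drawn in this thread, as an added example that is not part of any post and not Cisco's implementation: port security compares only the Ethernet source MAC of frames entering the port, while DAI compares the sender IP/MAC inside the ARP payload with the DHCP snooping bindings. The IP addresses, VLAN 10, the binding table and all function names are constructed assumptions; the MAC and port number are the ones from the question.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ArpFrame:
    eth_src: str     # source MAC in the Ethernet header
    sender_mac: str  # sender hardware address inside the ARP payload
    sender_ip: str   # sender protocol address inside the ARP payload

def norm(mac):
    return mac.lower().replace("-", ":")

def port_security_permits(frame, allowed_macs):
    """Port security (modelled): only the ingress Ethernet source MAC is checked."""
    return norm(frame.eth_src) in {norm(m) for m in allowed_macs}

def dai_permits(frame, port, vlan, bindings, trusted_ports=frozenset()):
    """DAI (modelled): ARP sender IP/MAC must match a snooping binding in the VLAN."""
    if port in trusted_ports:  # trusted interfaces bypass inspection
        return True
    bound_mac = bindings.get((vlan, frame.sender_ip))
    return bound_mac is not None and bound_mac == norm(frame.sender_mac)

# Constructed sample data: (vlan, ip) -> mac, as learned by DHCP snooping.
HOST_MAC = "00:01:02:03:04:05"  # MAC from the question
PORT, VLAN = "1/0/48", 10       # port from the question, VLAN assumed
BINDINGS = {
    (VLAN, "192.0.2.1"): "00:aa:bb:cc:dd:01",  # another host's lease
    (VLAN, "192.0.2.48"): HOST_MAC,            # lease of the host on 1/0/48
}

# The permitted host announcing its own leased address.
LEGIT = ArpFrame(HOST_MAC, HOST_MAC, "192.0.2.48")
# The same permitted MAC, but the ARP payload claims an IP leased to another host.
FORGED = ArpFrame(HOST_MAC, HOST_MAC, "192.0.2.1")

def evaluate(frame):
    """Return (port_security_result, dai_result) for a frame entering PORT."""
    return (port_security_permits(frame, [HOST_MAC]),
            dai_permits(frame, PORT, VLAN, BINDINGS))

if __name__ == "__main__":
    for name, frame in (("legit", LEGIT), ("forged", FORGED)):
        ps, dai = evaluate(frame)
        print(f"{name}: port-security permits={ps}, DAI permits={dai}")
```

The forged ARP passes the port-security check because its source MAC is the permitted one; only the binding comparison rejects it.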