
Port-Security Question

deanfourie
Level 1

Hi there,

So my question is regarding port-security. Is this function purely physical for the device attached only?

I would like to know, if I add port security on say interface 1/0/48, will the interface receive broadcasts from other MACs if say I have

switchport port-security
switchport port-security maximum 1
switchport port-security violation protect
switchport port-security mac-address sticky 00:01:02:03:04:05

Will the port still be able to receive layer 2 traffic from other broadcasting and communicating clients?

The reason I ask this is I am looking for a solution for securing ARP. I don't want any rogue ARP requests sent so hoping I can use port-security to block such traffic.

Thanks!

7 Replies

balaji.bandi
Hall of Fame
switchport port-security mac-address sticky 00:01:02:03:04:05

Applying this config on the interface restricts the port to only that MAC address; if any device connected has a different MAC address, the port will be disabled (depends on the config).

If you do not mention any access port VLAN information, then it will be the default VLAN 1, so all of VLAN 1 can access this device. (If I understand your question correctly?)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

I understand how port security works, but I think you're misinterpreting my question.

Thanks

Will the port still be able to receive layer 2 traffic from other broadcasting and communicating clients?

Yes - I have addressed this in the above post.

I understand how port security works, but I think you're misinterpreting my question.

What have I missed? Please explain, so I can address it correctly.

BB


Ok thank you!

DAI with DHCP snooping support for ARP rogue.

Excellent, thanks, I'll look into this.

Hello


@deanfourie wrote:

Hi there,

So my question is regarding port-security. Is this function purely physical for the device attached only?

I would like to know, if I add port security on say interface 1/0/48, will the interface receive broadcasts from other MACs if say I have

switchport port-security
switchport port-security maximum 1
switchport port-security violation protect
switchport port-security mac-address sticky 00:01:02:03:04:05

Will the port still be able to receive layer 2 traffic from other broadcasting and communicating clients?

Port security is applied to the attached device, but it is not negating ARP spoofing or broadcast; to do that you would need to apply DAI/IPSG in conjunction with DHCP snooping.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
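
Added example (not part of the original thread and not Cisco code): a simplified Python model of the point made in the replies, showing that port security only compares a frame's Ethernet source MAC on ingress, so a forged ARP from the secured host passes, while DAI checks the ARP payload against the DHCP snooping binding and drops it. The interface name, VLAN, IP addresses and the second MAC are constructed values, and both functions are a deliberate simplification of the switch's checks.

```python
# Simplified model of two ingress checks on one untrusted access port.
# All addresses and the binding table are constructed for illustration.
from dataclasses import dataclass

@dataclass(frozen=True)
class ArpFrame:
    eth_src: str      # Ethernet source MAC (the only field port security inspects)
    sender_mac: str   # ARP payload: sender hardware address
    sender_ip: str    # ARP payload: sender protocol address
    note: str

ALLOWED_MAC = "0001.0203.0405"   # the sticky MAC secured on the port
# DHCP snooping binding table: (interface, vlan) -> (mac, ip)
BINDINGS = {("Gi1/0/48", 1): (ALLOWED_MAC, "192.0.2.50")}

def port_security_permits(frame, allowed=frozenset({ALLOWED_MAC})):
    """Port security: is the frame's source MAC in the port's secure list?"""
    return frame.eth_src in allowed

def dai_permits(frame, interface="Gi1/0/48", vlan=1, trusted=False):
    """DAI: on an untrusted port the ARP sender MAC/IP pair must match the binding."""
    if trusted:
        return True
    return BINDINGS.get((interface, vlan)) == (frame.sender_mac, frame.sender_ip)

def evaluate(frames):
    """Return {note: (port_security_only, port_security_plus_dai)}."""
    results = {}
    for f in frames:
        ps = port_security_permits(f)
        results[f.note] = (ps, ps and dai_permits(f))
    return results

FRAMES = [
    ArpFrame(ALLOWED_MAC, ALLOWED_MAC, "192.0.2.50", "legitimate ARP from secured host"),
    ArpFrame(ALLOWED_MAC, ALLOWED_MAC, "192.0.2.1", "secured host claims gateway IP"),
    ArpFrame("00aa.bbcc.ddee", "00aa.bbcc.ddee", "192.0.2.60", "second device on port"),
]

if __name__ == "__main__":
    for note, (ps, both) in evaluate(FRAMES).items():
        print(f"{note:35} port-security={'pass' if ps else 'drop'} "
              f"with-DAI={'pass' if both else 'drop'}")
```

Neither check filters frames the switch sends out of the port, which is why the secured host still receives broadcasts from other clients in its VLAN.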