Port-Security Question
09-30-2021 02:42 AM
Hi there,
So my question is regarding port-security. Is this function purely physical for the device attached only?
I would like to know, if I add port security on, say, interface 1/0/48, will the interface receive broadcasts from other MACs if, say, I have
switchport port-security
switchport port-security maximum 1
switchport port-security violation protect
switchport port-security mac-address sticky 00:01:02:03:04:05
Will the port still be able to receive layer 2 traffic from other broadcasting and communicating clients?
The reason I ask this is I am looking for a solution for securing ARP. I don't want any rogue ARP requests sent, so I'm hoping I can use port-security to block such traffic.
Thanks!
09-30-2021 03:01 AM
switchport port-security mac-address sticky 00:01:02:03:04:05
Applying this config on the interface restricts the port to only that MAC address; if any connected device has a different MAC address, the port will be disabled (depends on the config).
If you do not mention any access port VLAN information, then it will be the default VLAN 1, so all of VLAN 1 can access this device (if I understand your question correctly?).
09-30-2021 03:14 AM
I understand how port security works, but I think you're misinterpreting my questions.
Thanks
09-30-2021 03:22 AM
Will the port still be able to receive layer 2 traffic from other broadcasting and communicating clients?
Yes - I have addressed this in the above post.
I understand how port security works, but I think you're miss interpreting my questions.
What have I missed? Please explain, so I can address it correctly.
10-03-2021 02:15 PM
Ok thank you!
09-30-2021 04:52 PM
DAI with DHCP snooping support for rogue ARP.
10-03-2021 02:16 PM
Excellent, thanks, I'll look into this.
10-29-2021 10:55 AM
Hello
@deanfourie wrote:
Hi there,
So my question is regarding port-security. Is this function purely physical for the device attached only?
I would like to know, if I add port security on, say, interface 1/0/48, will the interface receive broadcasts from other MACs if, say, I have
switchport port-security
switchport port-security maximum 1
switchport port-security violation protect
switchport port-security mac-address sticky 00:01:02:03:04:05
Will the port still be able to receive layer 2 traffic from other broadcasting and communicating clients?
Port security is applied to the attached device, but it is not negating ARP spoofing or broadcast; to do that you would need to apply DAI/IPSG in conjunction with DHCP snooping.
Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.
Kind Regards
Paul
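The DAI/IPSG with DHCP snooping setup named in the replies above, shown next to the port-security lines from the question, as an added example that is not from any poster in this thread. VLAN 10, the uplink GigabitEthernet1/0/1, the full interface name GigabitEthernet1/0/48, the host address 192.0.2.10 and the ACL name STATIC-HOSTS are assumptions, and exact syntax can vary by platform and software release.

```cisco
! Added example (constructed values): VLAN 10, Gi1/0/1 uplink, 192.0.2.10 are assumptions.
! DHCP snooping builds the IP/MAC/port binding table that DAI and IPSG check against.
ip dhcp snooping
ip dhcp snooping vlan 10
!
! DAI: ARP packets arriving on untrusted ports in VLAN 10 are validated against the bindings.
ip arp inspection vlan 10
ip arp inspection validate src-mac dst-mac ip
!
! Uplink toward the DHCP server and the rest of the network: trusted, not inspected.
interface GigabitEthernet1/0/1
 ip dhcp snooping trust
 ip arp inspection trust
!
! Access port from the question: port security limits the source MAC on the wire,
! DAI checks the sender IP/MAC inside ARP packets, IPSG (ip verify source) filters source IP.
interface GigabitEthernet1/0/48
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation protect
 switchport port-security mac-address sticky
 ip verify source
 ip arp inspection limit rate 15
!
! Caveat: a statically addressed host has no DHCP snooping binding, so DAI and IPSG
! drop its traffic unless it is listed explicitly (address and MAC below are constructed).
arp access-list STATIC-HOSTS
 permit ip host 192.0.2.10 mac host 0001.0203.0405
ip arp inspection filter STATIC-HOSTS vlan 10
ip source binding 0001.0203.0405 vlan 10 192.0.2.10 interface GigabitEthernet1/0/48
!
! Verification from exec mode:
!  show ip dhcp snooping binding
!  show ip arp inspection statistics vlan 10
!  show ip verify source
!  show port-security interface GigabitEthernet1/0/48
```

The port still receives broadcasts from other hosts in the VLAN with this configuration; only what the attached device is allowed to send is restricted.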
