I am having all 3560E as my edge switches. All the ports are having IP phones connected and PCs are connected to IP phones. I was looking forward to implement port based security.
First of all is it a good practice to MAC based security in such environment ? Second are there any other options to make ports more secure ? Right now the ports are dynamic when i changed them to static with "switchport mode access" and gave commands like "switchport port-security" and "switchport port-security maximum 2" the port was shutdown and i there was no LED on it.
That's the way we did too, but we had to sticky. It's a real pain as the port security violations seems to come in waves. We have since roled out 802.1x for phones and workstations. No more security violations (except when printers are moved).