Port-security trunk

CSchaatsbergen
Level 1

Hi all

We have a C3560-8PC switch (small, fanless switch) connected to a C3560G-24PS on a trunk port.

If I were to add port-security to that port on the big switch, would it only see the MAC address of the small switch or also those of the clients connected to the small switch? Can I set port-security maximum 1 or would that block any clients connected to the small switch?

Thanks in advance

2 Accepted Solutions

Ton V Engelen
Level 3

Hi

I think it would see every MAC address that passes over the trunk.

See: http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/25sg/configuration/guide/port_sec.pdf

for more details.

Hello Chris,

Whether you are using a 3560 or another box, it is the same behavior: MAC addresses are not changed on layer 2 devices as we do on routers (they modify the source MAC address to their outgoing interface when setting the new layer 2 header).

Layer 2 headers across the switches stay the same, so that is why over a trunk link you would expect to see a lot of MAC addresses (of course this depends on the number of PCs you have on the other side), so be careful with this one.

Hope I was clear on this one

Have a wonderful day

Julio Carvajal

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

3 Replies

Hey,

I think so too, I found the same information for the 3560s but could not find an answer to my question in it.

Currently experimenting with port-security maximum 1 vlan maintenance_vlan_id.

Thanks anyway

Chris
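
The behaviour discussed in this thread, as an added example that is not part of any post: a simplified Python model of how a secure trunk port counts source MACs (no aging, sticky addresses or violation modes). The class name, the MAC addresses and VLAN numbers 10 and 99 are constructed for illustration; VLAN 99 stands in for the maintenance VLAN.

```python
from collections import defaultdict


class SecurePort:
    """Simplified model of port-security source-MAC learning on one port."""

    def __init__(self, port_max, vlan_max=None):
        self.port_max = port_max          # models: port-security maximum N
        self.vlan_max = vlan_max or {}    # models: port-security maximum N vlan V
        self.secure = defaultdict(set)    # vlan -> learned source MACs

    def receive(self, src_mac, vlan):
        """Return True if the frame is accepted, False if it is a violation."""
        if src_mac in self.secure[vlan]:
            return True                   # already a secure address
        total = sum(len(macs) for macs in self.secure.values())
        if total >= self.port_max:
            return False                  # port-wide limit reached
        if vlan in self.vlan_max and len(self.secure[vlan]) >= self.vlan_max[vlan]:
            return False                  # per-VLAN limit reached
        self.secure[vlan].add(src_mac)
        return True


def violations(port, frames):
    """Frames (src_mac, vlan) that the port would treat as violations."""
    return [f for f in frames if not port.receive(*f)]


# Constructed traffic arriving on the big switch's trunk port. Layer 2
# forwarding leaves the source MAC untouched, so client MACs appear here.
FRAMES = [
    ("0011.2233.0001", 99),  # small switch's own management address
    ("aaaa.bbbb.0001", 10),  # client PC behind the small switch
    ("aaaa.bbbb.0002", 10),  # second client PC
    ("aaaa.bbbb.0001", 10),  # first client again
    ("aaaa.bbbb.0003", 99),  # another device in the maintenance VLAN
]

if __name__ == "__main__":
    # maximum 1 on the whole trunk: only the first MAC is ever learned.
    print(violations(SecurePort(port_max=1), FRAMES))
    # Higher port limit, maximum 1 only in VLAN 99: clients in VLAN 10 pass.
    print(violations(SecurePort(port_max=10, vlan_max={99: 1}), FRAMES))
```

With a port-wide maximum of 1 every frame after the first is a violation, while a per-VLAN maximum of 1 on VLAN 99 only rejects the second address seen in that VLAN.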
