Port-security maximum_addr and Wireless Network!

benahmeddaho_MOURAD · ‎01-02-2021

Hi, Everyone!
A cisco AP can be configured as LWAP or Standalone. Respectively, access or trunk to the SWA (layer2 Access Switch)

For an ex: is it recommanded and possible to configure #Port-security max-addr on the SWA port. Whethere access or trunk?
NB : The network can be wlan[known users number]. or guest_wlan[unknown users number] !

balaji.bandi · ‎01-02-2021

Personally, I would not use - since we do not know the number of users connects to AP. but good to have some Limitations to configure. but bare in mind in case of more MAC address come in security the action takes place depends on what you like to do.

here is some reference document :

https://cammyd.com/cisco-port-security-settings-and-wireless-access-points/

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

benahmeddaho_MOURAD · ‎01-04-2021

Dear Sir,
I agree totally with you, but is there another way to prevent #Mac_Flooding_Attack in the wireless networks without using port-security!
Cordially!

MHM Cisco World · ‎01-02-2021

local or central mode?

benahmeddaho_MOURAD · ‎01-04-2021

Hi Sir!

Im Sorry, i did not get your question!
Do you mean AP standalone || WLC architecture based!
Cordialy!

Grendizer · ‎01-05-2021

If you’re using WLC and If the AP in local mode or FlexConnect central switching then you don’t need to worry about the MAC addresses because the switchport will show only one MAC which is the AP Eth MAC Address because the AP will tunnel all the traffic from all connected clients to the WLC.

benahmeddaho_MOURAD · ‎01-14-2021

Ok, and what about the Standalone based architecture ?

Grendizer · ‎01-14-2021

If you mean autonomous then all MAC Addresses will be showing from that AP