
Thread: Port Security?

  1. Member
    Join Date
    Apr 2015
    Location
    NY
    Posts
    40

    Certifications
    Security+
    #1

    Port Security?

    I have a question about an S1 0/0 connected to S2 0/1:

    S1: interface S0/0
    switchport mode access
    switchport port-security
    switchport port-security max 1
    switchport port-security mac-address sticky
    speed auto
    duplex auto

    S2: interface s0/1
    switchport mode access
    switchport port-security
    switchport port-security max 1
    switchport port-security mac-address sticky
    speed auto
    duplex auto

    but let's say S2 has a boatload of connections, what MAC address would populate within the CAM table?

  3. Senior Member
    Join Date
    Sep 2004
    Location
    New York
    Posts
    436

    Certifications
    MS IT, BS IT, CCIE R&S, CCNP, CCDP, CISSP, Sec+, VCA6-DCV, VCA6-NV
    #2
    Quote Originally Posted by UsualSuspect7
    I have a question about an S1 0/0 connected to S2 0/1:

    S1: interface S0/0
    switchport mode access
    switchport port-security
    switchport port-security max 1
    switchport port-security mac-address sticky
    speed auto
    duplex auto

    S2: interface s0/1
    switchport mode access
    switchport port-security
    switchport port-security max 1
    switchport port-security mac-address sticky
    speed auto
    duplex auto

    but let's say S2 has a boatload of connections, what MAC address would populate within the CAM table?
    The first one learned on the port.

  4. Member
    Join Date
    Apr 2015
    Location
    NY
    Posts
    40

    Certifications
    Security+
    #3
    Quote Originally Posted by tunerX
    The first one learned on the port.
    So it would learn the MAC of S2, but would it allow all other devices connected to S2 to communicate with S1?

  5. Senior Member
    Join Date
    Sep 2004
    Location
    New York
    Posts
    436

    Certifications
    MS IT, BS IT, CCIE R&S, CCNP, CCDP, CISSP, Sec+, VCA6-DCV, VCA6-NV
    #4
    You set the max to 1. Once there is one mac learned from the first frame received... that's the end of it.

    Any frame received with a different source mac address will cause the port to error/operate based on your settings.

  6. Member
    Join Date
    Apr 2015
    Location
    NY
    Posts
    40

    Certifications
    Security+
    #5
    Quote Originally Posted by tunerX
    You set the max to 1. Once there is one mac learned from the first frame received... that's the end of it.

    Any frame received with a different source mac address will cause the port to error/operate based on your settings.

    So when connecting a switch to another switch, it's not recommended to use port security? Or at least not to set a max value?

  7. Senior Member Danielh22185
    Join Date
    Apr 2012
    Location
    DFW Area
    Posts
    1,156

    Certifications
    CCNP R&S, CCNA, CCENT
    #6
    Quote Originally Posted by UsualSuspect7
    So when connecting a switch to another switch, it's not recommended to use port security? Or at least not to set a max value?
    No. The purpose of port security is to control user access. Now there are some mechanisms like root guard that protect the switch from giving up its root status to another one that might come along with a better BID, but switch-to-switch connections should not have port security. The idea behind that is that the trunk link is a trusted network connection that should not be changing often like a user port would.
    Currently Studying: IE Stuff...kinda...for now...
    My ultimate career goal: To climb to the top of the computer network industry food chain.
    "Winning means you're willing to go longer, work harder, and give more than anyone else." - Vince Lombardi

  8. Completely Clueless TechGromit
    Join Date
    Oct 2015
    Location
    Galloway, NJ
    Posts
    1,268

    Certifications
    A+, Network +, GSEC, GCIH, Lunatic+
    #7
    Quote Originally Posted by UsualSuspect7
    So when connecting a switch to another switch, it's not recommended to use port security? Or at least not to set a max value?
    I assume you don't mean with fiber; you mean connecting one switch to another using Cat 5 cable, plugging it into one of the ports on the switch. Since you have port security, Switch 1 will learn the MAC address of Switch 2 and it will allow it to work perfectly fine, but once you plug other devices into Switch 2, Switch 1 will reject all the traffic from those devices. Switch 2 devices will be restricted to only talking to each other on Switch 2. What are you trying to accomplish here? Are you learning/studying, or are you trying to secure your network?
    Last edited by TechGromit; 06-15-2017 at 12:29 PM.
    Still searching for the corner in a round room.
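The behaviour the thread is describing (a single sticky-learned MAC on a port with maximum 1, and what happens to the next source MAC) is easy to see in a small simulation. The following model is added here and is not code from any of the posters or from Cisco; it follows the documented IOS port-security rules (one secure MAC learned from the first frame, and the protect/restrict/shutdown violation modes, with shutdown as the default), but the MAC addresses and the order of frames are constructed for illustration.

```python
"""Simplified model of Cisco switchport port-security on one access port.

Added example for this thread; not code from any poster or from Cisco.
The rules modelled (maximum secure MACs, sticky learning, and the
protect/restrict/shutdown violation modes) follow IOS documentation;
the MAC addresses and frame sequence below are constructed.
"""
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class SecurePort:
    maximum: int = 1                 # switchport port-security maximum 1
    violation: str = "shutdown"      # IOS default violation mode
    sticky: bool = True              # switchport port-security mac-address sticky
    secure_macs: List[str] = field(default_factory=list)
    err_disabled: bool = False
    violation_count: int = 0

    def receive(self, src_mac: str) -> str:
        """Return what the port does with a frame whose source is src_mac."""
        if self.err_disabled:
            return "dropped: port err-disabled"
        if src_mac in self.secure_macs:
            return "forwarded"
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.append(src_mac)      # first source MAC seen wins
            return "forwarded: learned"
        # Secure-MAC table is full and this MAC is not in it: a violation.
        self.violation_count += 1
        if self.violation == "shutdown":
            self.err_disabled = True             # whole link goes down
            return "dropped: port err-disabled"
        if self.violation == "restrict":
            return "dropped: counted and logged"  # syslog / SNMP trap
        return "dropped: silent"                  # protect mode

    def sticky_config(self) -> List[str]:
        """Lines IOS adds to running-config for sticky-learned addresses."""
        if not self.sticky:
            return []
        return [f"switchport port-security mac-address sticky {m}"
                for m in self.secure_macs]


# Constructed frames arriving on S1's port from the S2 side: S2's own MAC
# first (e.g. a CDP/STP frame), then two hosts behind S2, then S2 again.
FRAMES: List[Tuple[str, str]] = [
    ("S2", "0000.0c00.0002"),
    ("hostA", "0000.0c00.00aa"),
    ("hostB", "0000.0c00.00bb"),
    ("S2", "0000.0c00.0002"),
]


def simulate(violation: str = "shutdown") -> List[str]:
    """Run the constructed frames through a max-1 port in the given mode."""
    port = SecurePort(maximum=1, violation=violation)
    return [f"{name}: {port.receive(mac)}" for name, mac in FRAMES]


if __name__ == "__main__":
    for mode in ("shutdown", "restrict", "protect"):
        print(f"--- violation {mode} ---")
        for line in simulate(mode):
            print(line)
```

With the default shutdown mode, the first frame from hostA does not just get dropped: it err-disables the port, so S2's own traffic stops as well and the whole inter-switch link is down until it is recovered. In restrict or protect mode the outcome is the one TechGromit describes (S2 keeps talking to S1, the hosts behind it do not). Either way the link is unusable as an uplink, which is the practical reason behind Danielh22185's answer: leave port security to user-facing access ports, and on a real switch confirm the mode and counters with `show port-security interface` before blaming the cable.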