Saku Ytti wrote:
> In my opinion cisco is lacking some elementary L2 security features,
> like not being able to limit MAC addresses per port, without also
> having port-security on
>

I think the following config should limit the MAC addresses for you:

    switchport port-security
    switchport port-security maximum x
    switchport port-security aging time 5
    switchport port-security violation restrict

Port security doesn't permanently learn MAC addresses unless
"switchport port-security mac-address sticky" is set, and setting the
aging time to 5 matches the default CAM table timers.

Sam
_______________________________________________
cisco-nsp mailing list  [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
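
As an added example (not part of the original post, and not Cisco tooling), the Python check below reads interface stanzas from a saved config. It reports ports where a `maximum` is present without the bare `switchport port-security` line that turns the feature on, and ports where `mac-address sticky` is set. The sample config, interface names and function names are constructed for illustration.

```python
import re

# Constructed sample config; interface names and values are made up.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 5
 switchport port-security violation restrict
!
interface FastEthernet0/2
 switchport port-security maximum 2
!
interface FastEthernet0/3
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
!
"""

SETTING = re.compile(r"switchport port-security (maximum|aging time|violation) (\S+)")

def parse_port_security(config):
    """Return {interface: settings} for each interface stanza."""
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = ports.setdefault(line.split(None, 1)[1],
                                       {"enabled": False, "sticky": False})
        elif current is None or not raw.startswith(" "):
            current = None  # outside an interface stanza
        elif line == "switchport port-security":
            current["enabled"] = True
        elif line == "switchport port-security mac-address sticky":
            current["sticky"] = True
        elif m := SETTING.fullmatch(line):
            current[m.group(1)] = m.group(2)
    return ports

def audit(ports):
    """Flag ports whose MAC limit is not in force, or that learn MACs permanently."""
    findings = []
    for name, p in ports.items():
        if "maximum" in p and not p["enabled"]:
            findings.append((name, "maximum set but port-security not enabled"))
        if p["sticky"]:
            findings.append((name, "sticky set: MAC addresses are learned permanently"))
    return findings
```

Calling `audit(parse_port_security(SAMPLE_CONFIG))` on the constructed sample flags FastEthernet0/2 and FastEthernet0/3 and leaves FastEthernet0/1, which carries the four lines from the post, unflagged.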
