Cisco 2960 port security

Hello Experts,

I have an 8 port Cisco 2960 switch. I need to configure port security.

Ports 1 to 6 will have only one device directly attached, so I can configure the MAC address to stick on these ports.

On port 7, there is another switch attached. This is a simple switch that is not manageable. This switch will have 6 more devices attached.

Can I still configure port security on port 7? Like configure some kind of MAC address pool of the devices that are allowed to connect. And when an unknown device is attached, the port will go into the error-disabled state?
SvenIA Asked:

Miftaul Commented:
Yes, you can, like below:
! Port security is rejected on a dynamic port, so set access mode first
Switch(config)#int gigabitEthernet 0/12
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security maximum 6
Switch(config-if)#switchport port-security mac-address sticky

Cyclops3590 (Sr Software Engineer) Commented:
The only other thing I would possibly look at is changing the violation method. The default is shutdown. I would change it to restrict or protect. Shutdown actually shuts down the interface if more than the maximum MAC addresses are seen, killing connections for existing hosts. The other two will just disable new MACs from being learned. Restrict might be better as it increments the security violation counter. But if you don't mind the shutdown feature or you specifically want that, by all means leave it at default.
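
Added example, not part of the original thread: a small generator for the fixed "MAC address pool" variant the question asks about, combining the maximum and violation-mode settings discussed above. The interface name `FastEthernet0/7`, the function names and the sample MAC addresses are assumptions constructed for illustration.

```python
import re

VIOLATION_MODES = ("protect", "restrict", "shutdown")


def to_cisco_mac(mac):
    """Normalize aa:bb:.., aa-bb-.., aabb.ccdd.eeff or bare hex to Cisco dotted form."""
    digits = re.sub(r"[.:\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    # The low bit of the first octet marks a group (multicast/broadcast)
    # address, which is never a host's own source MAC.
    if int(digits[:2], 16) & 1:
        raise ValueError(f"group address cannot be a host MAC: {mac!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


def port_security_config(interface, allowed_macs, violation="restrict"):
    """Build IOS interface config that pins a fixed set of MACs to one port."""
    if violation not in VIOLATION_MODES:
        raise ValueError(f"unknown violation mode: {violation!r}")
    macs = sorted({to_cisco_mac(m) for m in allowed_macs})  # de-duplicate
    if not macs:
        raise ValueError("at least one allowed MAC is required")
    lines = [
        f"interface {interface}",
        " switchport mode access",            # not allowed on a dynamic port
        " switchport port-security",
        # Raise the limit before adding addresses: the default maximum is 1.
        f" switchport port-security maximum {len(macs)}",
        f" switchport port-security violation {violation}",
    ]
    lines += [f" switchport port-security mac-address {m}" for m in macs]
    return "\n".join(lines)


# Constructed sample inventory (locally administered addresses, mixed notations,
# one duplicate) standing in for the six devices behind the unmanaged switch.
SAMPLE_MACS = [
    "02:00:5E:10:00:01", "02-00-5e-10-00-02", "0200.5e10.0003",
    "02005e100004", "02:00:5e:10:00:05", "02:00:5e:10:00:06",
    "0200.5E10.0001",
]

if __name__ == "__main__":
    print(port_security_config("FastEthernet0/7", SAMPLE_MACS))
```

After applying the generated lines, `show port-security interface` and `show port-security address` show the configured addresses and the violation count.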
SvenIA (Author) Commented:
OK guys, thanks for the information. I've got one other question.

What if the additional switch was a wireless access point attached to port 7? Will every wireless client count? Is it the same as wired, when it comes to port security?
Miftaul Commented:
A switchport only understands MAC addresses. No matter if the MAC is learned from a connected wired or a wireless device, it still counts.

So yes, it's the same regardless of wired or wireless.
SvenIA (Author) Commented:
Thanks for the information! Most helpful.....