The benefit is it will block traffic from other mac addresses in the event of a loop or other misconfiguration. The learned mac address will clear automatically when the port goes down so it should not require admin assistance. On Dec 22, 2011 8:28 PM, "Owen DeLong" <owend@he.net> wrote:
What is the perceived benefit of doing this? The down-side is that whenever anyone has to replace a line card or do an equipment swap, they need to coordinate with someone who can update the port security on the switch. Worse, they need to remember that's an issue at the time or figure it out through a (not terribly convenient) troubleshooting process.
Owen
Sent from my iPad
On Dec 23, 2011, at 4:23 AM, Jay Hanke <jayhanke@MANKATONETWORKS.NET> wrote:
I have purchased a new EX 2200 switch for the Mankato Networks rack. The new switch will be dedicated and will enable traffic stats for those connected to my switch.
As a trial, I plan to enable port security on the downstream access ports limiting the port to one learned mac-address. The port security mechanism is the same on the EX 2200 as the EX 4200 so if successful, a similar strategy could be applied to the main switch.
The uplink to the main switch will remain the same.
Pending feedback, I'm planning to perform the move sometime in early January.
Thanks,
Jay
########################################################################
To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
########################################################################
To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
######################################################################## To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1