I am setting up port security on some 9300's. Want to make sure I have it correct before start rolling the config out. Basically I want a max of 1 MAC address on most access ports (2 where we have Cisco VoIP phones and use the voice vlan command). I'm not looking to save the addresses in the running config and I want a different MAC address to be able to use the same port if devices get moved. Not sure if I am going to use restrict or shutdown but this is what I was looking to add on the access ports:
switchport port-security
switchport port-security maximum 1 (or 2 depending on usage)
switchport port-security violation restrict
switchport port-security aging time 30 type inactivity
I think this would give the desired effect of setting the max I want and clearing the MAC from the port if there had been no activity from that device for 30 minutes so a device could be moved. Am I correct here or have I missed something?
No comments:
Post a Comment