Why does port security learn new MAC addresses when max-mac-count is reached?
Question:
Why does the switch still learn a new MAC address on a port when the user configures one static MAC address on that port, enables port security, and sets max-mac-count to 1?
For example,
Console#con
Console(config)#mac-address-table static 20-6A-8A-1C-96-C1 interface ethernet 1/1 vlan 1
Console(config)#interface ethernet 1/1
Console(config-if)#port security
Console(config-if)#port security max-mac-count 1
Console(config-if)#end
The switch still learns one MAC address when the client sends traffic on port 1:
Console#show mac-address-table
Interface MAC Address VLAN Type Life Time
--------- ----------------- ---- -------- -----------------
CPU 70-72-CF-C8-56-4F 1 CPU Delete on Reset
Eth 1/ 1 20-6A-8A-1C-96-C0 1 Security Delete on Reset
Eth 1/ 1 20-6A-8A-1C-96-C1 1 Config Permanent
Console#
Solution:
This is the normal behavior of port security max-mac-count. The limit applies only to dynamically learned MAC addresses (Type "Security" in the table above). A statically configured address (Type "Config", Life Time "Permanent") is not counted against the limit, so with max-mac-count 1 the port still accepts the static entry plus one additional, dynamically learned address.

If the port should not learn any new MAC addresses at all, set max-mac-count to 0. Then only incoming traffic whose source address is already stored in the static address table is accepted, and no "Security" entries for the port should appear in show mac-address-table.
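The counting rule described in this solution, written out as an added model (example code, not the switch's firmware or any vendor code): static entries are exempt from max-mac-count, dynamic learning stops at the limit, and max-mac-count 0 leaves only the static table. The MAC addresses are the ones from the ticket plus one constructed third address; the page does not say what happens to a frame that cannot be learned, so the model's choice to drop it is an assumption.

```python
"""Model of the port-security behaviour described above.

Added illustration, not the switch's own implementation. It models the
documented rule: max-mac-count caps only *dynamically learned* addresses on
the port; statically configured (Type "Config") entries are never counted
against it, and max-mac-count 0 means nothing is learned dynamically, so only
frames whose source MAC is in the static table are accepted.

Assumption (not stated on the page): a frame from an unknown source that
cannot be learned because the cap is reached is dropped. A real switch may
also trap or shut the port down, depending on the configured violation action.
"""

from dataclasses import dataclass, field


def normalize(mac: str) -> str:
    """Canonical form so "20-6A-8A-1C-96-C1" and "20:6a:8a:1c:96:c1" compare equal."""
    return mac.replace(":", "-").upper()


@dataclass
class SecuredPort:
    name: str
    max_mac_count: int                          # limit on dynamically learned MACs
    static: set = field(default_factory=set)    # "Config" entries, exempt from the limit
    learned: set = field(default_factory=set)   # "Security" entries, counted against the limit

    def add_static(self, mac: str) -> None:
        """Equivalent of 'mac-address-table static ... interface ...'."""
        self.static.add(normalize(mac))

    def ingress(self, src_mac: str) -> str:
        """Decide what happens to a frame with this source MAC on the port.

        Returns "static", "known" or "learned" when the frame is accepted,
        and "dropped" when it is not (assumed violation handling).
        """
        mac = normalize(src_mac)
        if mac in self.static:
            return "static"          # always accepted, never counted
        if mac in self.learned:
            return "known"           # already inside the dynamic budget
        if len(self.learned) < self.max_mac_count:
            self.learned.add(mac)    # room left under max-mac-count: learn it
            return "learned"
        return "dropped"             # cap reached (or max-mac-count 0): not learned

    def table(self) -> list:
        """Rows for this port in the style of 'show mac-address-table'."""
        rows = [(self.name, m, "Security") for m in sorted(self.learned)]
        rows += [(self.name, m, "Config") for m in sorted(self.static)]
        return rows


def scenario_from_page() -> dict:
    """The ticket: one static MAC, port security on, max-mac-count 1."""
    port = SecuredPort("Eth 1/1", max_mac_count=1)
    port.add_static("20-6A-8A-1C-96-C1")
    first = port.ingress("20-6A-8A-1C-96-C0")    # the client's address from the ticket: learned
    second = port.ingress("00-11-22-33-44-55")   # constructed third address: over the cap
    return {"first": first, "second": second, "types": [r[2] for r in port.table()]}


def scenario_fixed() -> dict:
    """Same port with max-mac-count 0: only the static address passes."""
    port = SecuredPort("Eth 1/1", max_mac_count=0)
    port.add_static("20-6A-8A-1C-96-C1")
    return {
        "unknown": port.ingress("20-6A-8A-1C-96-C0"),
        "static": port.ingress("20:6a:8a:1c:96:c1"),   # same MAC, different notation
        "types": [r[2] for r in port.table()],
    }


if __name__ == "__main__":
    print(scenario_from_page())
    print(scenario_fixed())
```

Running it reproduces the ticket: with max-mac-count 1 the port ends up with one "Security" entry next to the "Config" entry, and with max-mac-count 0 the unknown source is never learned while the statically configured address is still accepted.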