Jeremy,

We use port security along with mac-notification on our Cisco 3560s [running 12.2(40)SE] without a problem. I'd be curious as to what problems you have seen using the two together.

Sample config:

interface FastEthernet0/10
 switchport access vlan <auth vlan>
 switchport mode access
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 ip arp inspection limit rate 15 burst interval 10
 snmp trap mac-notification change added
 no cdp enable
 spanning-tree portfast
 spanning-tree bpduguard enable
 ip verify source
 ip dhcp snooping limit rate 50
!

Thanks,
--
Cal A. Krzywiec
Network Engineer
The University of Scranton
Phone: (570) 941-6748
Email: [email protected]

Jeremy Wood wrote:
> We have this enabled on our access switches too but unfortunately it
> only stops 'smart switches' that use STP. Switches that don't do STP
> (yes they are out there) and hubs will still work. The only real way
> to stop this is enabling port security on each port as that will
> prevent more than one MAC from being used on the port, but it will not
> work with Mac-Notification :(
>
> Personally, I have been addressing this on a case by case basis
> (shutdown the port and let our helpdesk know) because it isn't a huge
> issue yet but I've been trying to figure out ways to automate the
> process so that I can waste less time on it.
>
> --Jeremy
>
> On Mon, Jan 19, 2009 at 23:00, Bruce Hodge <[email protected]>
> wrote:
>
>> I don't know if you guys worked this one out but
>> we just do it at the switch with
>>
>> spanning-tree bpdufilter enable
>>
>> If there is more than one MAC it turns the port off.
>>
>> to
>> Bruce Hodge
>> Senior Communication Specialist
>> University of Newcastle
>> Australia
>>
>>
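
Added example, not part of the thread and not any participant's tooling: a small Python audit that parses IOS-style configuration text and reports which access-mode ports lack the controls shown in the sample config above. The control labels, function names and the sample interfaces are constructed for illustration.

```python
import re

# Controls from the sample interface config in the thread; the labels are chosen here.
REQUIRED = {
    "port-security": r"^switchport port-security$",
    "bpduguard": r"^spanning-tree bpduguard enable$",
    "ip-source-guard": r"^ip verify source\b",
    "dhcp-snooping-rate": r"^ip dhcp snooping limit rate \d+$",
}

def parse_interfaces(config):
    """Split IOS-style config text into {interface name: [sub-commands]}."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface (\S+)\s*$", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the interface block
    return interfaces

def audit(config):
    """Return {interface: [missing controls]} for access-mode ports only."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode access" not in cmds:
            continue  # trunks and uplinks are out of scope
        missing = [k for k, rx in REQUIRED.items() if not any(re.search(rx, c) for c in cmds)]
        if missing:
            findings[name] = missing
    return findings

# Constructed sample: Fa0/10 follows the thread's config, Fa0/11 is a partly hardened port.
SAMPLE = """\
interface FastEthernet0/10
 switchport mode access
 switchport port-security
 spanning-tree bpduguard enable
 ip verify source
 ip dhcp snooping limit rate 50
!
interface FastEthernet0/11
 switchport mode access
 switchport port-security
!
interface GigabitEthernet0/1
 switchport mode trunk
"""
```

Calling `audit()` on a saved running-config returns a dictionary of ports to follow up on; an empty dictionary means every access port carries all four controls.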
