[c-nsp] Broadcast storm control
Sam Stickland
sam_mailinglists at spacething.org
Tue Nov 6 11:56:48 EST 2007
Saku Ytti wrote:
> In my opinion cisco is lacking some elementary L2 security features,
> like not being able to limit MAC addresses per port, without also
> having port-security on
>
I think the following config should limit the MAC addresses for you:

  switchport port-security
  switchport port-security maximum x
  switchport port-security aging time 5
  switchport port-security violation restrict

Port security doesn't permanently learn MAC addresses unless "switchport
port-security mac-address sticky" is set, and setting the aging time to
5 matches the default CAM table timers.

Sam
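
Added example, not part of the original message: a small Python audit that checks each access port in an IOS-style configuration against the four port-security lines posted above and flags sticky learning. The function names, the sample configuration (with 3 standing in for x) and the use of "switchport mode access" to select ports are assumptions made for illustration.

```python
# Constructed sample config (not from the thread); "maximum 3" stands in for x.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 3
 switchport port-security aging time 5
 switchport port-security violation restrict
!
interface GigabitEthernet0/2
 switchport mode access
 switchport port-security maximum 3
!
interface GigabitEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
"""
PREFIX = "switchport port-security"

def parse_interfaces(config):
    """Map each interface name to the list of commands in its stanza."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            stanzas[current] = []
        elif current is not None and line.startswith(" "):
            stanzas[current].append(line.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return stanzas

def audit_port_security(config):
    """Return {access port: findings}; an empty list matches the posted config."""
    report = {}
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode access" not in cmds:
            continue
        opts = [c[len(PREFIX):].strip() for c in cmds if c.startswith(PREFIX)]
        checks = [
            ("port-security not enabled", "" in opts),  # only the bare command enables it
            ("no maximum set", any(o.startswith("maximum ") for o in opts)),
            ("no aging time set", any(o.startswith("aging time ") for o in opts)),
            ("violation mode is not restrict", "violation restrict" in opts),
            ("sticky learning enabled", not any(o.startswith("mac-address sticky") for o in opts)),
        ]
        report[name] = [msg for msg, ok in checks if not ok]
    return report
```

Calling audit_port_security() on the text of a saved running-config returns a dictionary of findings per access port; GigabitEthernet0/2 in the sample shows the case where a maximum is configured but the bare "switchport port-security" line that turns the feature on is missing.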