[c-nsp] Broadcast storm control

Sam Stickland sam_mailinglists at spacething.org
Tue Nov 6 11:56:48 EST 2007


Saku Ytti wrote:
> In my opinion Cisco is lacking some elementary L2 security features,
> like not being able to limit MAC addresses per port, without also
> having port-security on
>
I think the following config should limit the MAC addresses for you:

switchport port-security
switchport port-security maximum x
switchport port-security aging time 5
switchport port-security violation restrict

Port security doesn't permanently learn MAC addresses unless "switchport 
port-security mac-address sticky" is set, and setting the aging time to 
5 matches the default CAM table timers.

Sam
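
An added example, not part of the original post: a small audit that reads running-config text and reports interfaces that do not carry the four port-security lines from the message above, or that have sticky learning turned on. The sample config, interface names and finding labels are constructed for illustration.

```python
import re

# Constructed sample config; interface names and values are made up.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport port-security
 switchport port-security maximum 3
 switchport port-security aging time 5
 switchport port-security violation restrict
!
interface GigabitEthernet0/2
 switchport port-security maximum 3
!
interface GigabitEthernet0/3
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
!
"""

# The four lines from the post, as (label, full-line pattern). Labels are hypothetical.
EXPECTED = [
    ("enable", r"switchport port-security"),
    ("maximum", r"switchport port-security maximum \d+"),
    ("aging time", r"switchport port-security aging time \d+"),
    ("violation restrict", r"switchport port-security violation restrict"),
]
STICKY = "switchport port-security mac-address sticky"

def parse_interfaces(config):
    """Return {interface name: [stripped stanza lines]} from running-config text."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or any global line ends the stanza
    return stanzas

def audit(config):
    """Return {interface: [findings]}; 'missing' means not explicitly configured."""
    report = {}
    for name, lines in parse_interfaces(config).items():
        findings = ["missing " + label for label, pat in EXPECTED
                    if not any(re.fullmatch(pat, l) for l in lines)]
        if STICKY in lines:
            findings.append("sticky learning enabled")
        if findings:
            report[name] = findings
    return report
```

GigabitEthernet0/2 in the sample is the case from the quoted complaint: a maximum is configured but port security itself is not enabled on the port.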

