A case for port security

12th June 2021

Port security watches for multiple MAC addresses on a port and if it detects >1 it disables the port.
Pros:
+If a user tries running responder, the port gets disabled
+If a user plugs in a wireless access point, the port gets disabled
Cons:
-If anyone plugs in a small switch/hub to increase the port count, the port gets disabled
-doesn’t work when desk phones have a 2 port switch on the back

Possible solution:
Configure alerts when a port adds mac addresses
pre-configure a group of ports without port security.
Tell the Tier1 admins to use one of those ports when then find a switch in use

Is it worth the headache? Maybe for a subset of users that randomly click links in emails. Then you can label those ports “Danger Zone” 🙂