Hello all,
We use N30's and N20's in our network, and have started using port-security to lock down machines to ports etc using the following port settings:
!
interface Gi1/0/1
description "---"
switchport port-security
switchport port-security dynamic 0
switchport port-security maximum 1
switchport port-security mac-address ####.####.#### vlan #
exit
!
Which is fine, although the question has been asked if its feasible to setup mac addresses against a vlan interface instead of a switchport. At present with the above, once a mac is made static (rather than dynamic) the device will only work that port, regardless of whether other ports are not running port-security settings.
The vlan-mac locking is not essential but would offer greater flexibility. Primarily this config will be on the N20's since these are edge switches and N30's are considered as core.
Cheers,