port security limitations on 3500s

We turned on port security on all of our switches and limited the number of MAC addresses per port. Recently we noticed a problem that occurs with our 3548s where if one port picks up a MAC address (and subsequently stores it in its table), that same MAC can't be moved anywhere else. Our 3550s are not affected by this. This can be a pain with users who have laptops and they move from cubicle to cubicle. I tried turning on auto-aging on those switches but it doesn't appear to work. The address is still retained on that port. I had to manually shut down the port where the MAC address was last attached in order for it to connect to another. I don't know if there is a limitation with 3548s or if there is a workaround where we can keep port security on yet the MAC address tables should be dynamic (getting rid of addresses it no longer detects OR allowing them to traverse from port to port).

Reply to
psychogenic

But the purpose of port security is to ensure that people do -not- move ports without going through proper channels.

Neither of those two would be consistent with the security model offered by port security. All you would have achieved would be the equivalent of setting a maximum number of "recent" MACs per port, and blocking MAC flooding.

It sounds to me as if what you want is not "port security" but rather something more like EAP / LEAP (802.1x authentication). The 3550s might handle 802.1x, but I would doubt the 3548s would (not even the Cat3584G-L3).

Reply to
Walter Roberson

Hmm, but I thought that is essentially what Port Security also provides (protection against MAC flooding), but I guess that is not its inherent purpose? Guess I'm a little confused, heh. I was reading up on it before implementing it on our switches and thought that it can be either set to sticky (retains the connected MAC address in its table indefinitely?) or that it can be disabled so that a MAC address, if it hasn't sent any packets, would be cleared or be allowed to forward packets through another port?

Reply to
psychogenic

Guess my other question would be, if I go with 802.1x, would it be pointless then to turn on port security?

Thanks again for your help.

Reply to
psychogenic

Quoting context helps: most of the regular posters here do not use googlegroups as their usenet reading interface, so usually cannot immediately see the preceding messages in the thread.

No, port security is primarily to lock particular devices to particular ports; e.g., to add a measure of trust that it is your finance manager who is accessing the payroll subsystem and not someone who has slipped into that office with a laptop that they have plugged in.

Might depend upon the version; I haven't looked at it recently.

Reply to
Walter Roberson
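The two options discussed in the thread, side by side, as an added configuration example that is not part of any post above. The syntax is standard Cisco IOS as found on the Catalyst 3550 family; it is assumed here, not verified against the 3548s the original poster has trouble with (the 3500XL line uses a different port-security command set, and the thread records that aging did not take effect there). The interface names, RADIUS server address and shared secret are placeholders.

```cisco
! --- Option 1: port security with inactivity aging ---
! Locks a port to one learned MAC, but lets the entry expire after 10
! minutes of silence so a laptop can be plugged in elsewhere. This is the
! "maximum number of recent MACs per port" model the reply warns about:
! it blocks MAC flooding, it does not lock a device to an office.
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation restrict
 switchport port-security aging time 10
 switchport port-security aging type inactivity
!
! --- Option 2: 802.1x, which authenticates the user/device, not the port ---
! The switch relays EAP to a RADIUS server (address and key are placeholders);
! any port with port-control auto stays blocked until authentication succeeds,
! so a roaming laptop is allowed wherever it authenticates.
aaa new-model
aaa authentication dot1x default group radius
radius-server host 192.0.2.10 key ExampleSharedSecret
dot1x system-auth-control
!
interface FastEthernet0/2
 switchport mode access
 dot1x port-control auto
```

To confirm what a port has actually learned and whether an entry is aging, use `show port-security interface FastEthernet0/1` and `show port-security address`; the Aging Time and Aging Type columns show whether the inactivity timer is in force, which is the first thing to check on a switch where an address appears to be retained. With `violation restrict` the port stays up but drops frames from an unknown MAC and raises a violation counter, which is usually easier to troubleshoot than the default `shutdown` action that leaves the port err-disabled. Whether port security and 802.1x can be enabled together on the same port, and on which IOS release, is not settled in the thread; check the release notes for the switch before combining them.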
