access: disable port-security on trunk ports
Because it messes up AP roaming: client MAC will not be learned on the switch port for the new AP until the old one times out in five minutes.
This commit is contained in:
parent
cf0fb98e4d
commit
a1147a3283
1 changed files with 8 additions and 0 deletions
|
|
@ -24,11 +24,19 @@ interface {{ iface.name }}
|
|||
interface {{ iface.name }}
|
||||
{# common setup for user-facing interfaces #}
|
||||
{% if iface.type.value != 'lag' and not iface.mgmt_only %}
|
||||
{% if iface.mode and iface.mode.value == 'access' %}
|
||||
switchport port-security
|
||||
switchport port-security maximum 64
|
||||
switchport port-security violation shutdown
|
||||
switchport port-security aging time 5
|
||||
switchport port-security aging type inactivity
|
||||
{% else %}
|
||||
no switchport port-security
|
||||
no switchport port-security maximum
|
||||
no switchport port-security violation
|
||||
no switchport port-security aging time
|
||||
no switchport port-security aging type
|
||||
{% endif %}
|
||||
{% if iface.enabled %} no shutdown{% else %} shutdown{% endif %}
|
||||
{% endif %}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue