From a1147a32830100c3c23e04f7946025b68a6244a8 Mon Sep 17 00:00:00 2001 From: Timotej Lazar Date: Fri, 23 May 2025 12:39:59 +0200 Subject: [PATCH] access: disable port-security on trunk ports Because it messes up AP roaming: client MAC will not be learned on the switch port for the new AP until the old one times out in five minutes. --- roles/access/templates/config-d-link.j2 | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/roles/access/templates/config-d-link.j2 b/roles/access/templates/config-d-link.j2 index 599a6e5..9d0281d 100644 --- a/roles/access/templates/config-d-link.j2 +++ b/roles/access/templates/config-d-link.j2 @@ -24,11 +24,19 @@ interface {{ iface.name }} interface {{ iface.name }} {# common setup for user-facing interfaces #} {% if iface.type.value != 'lag' and not iface.mgmt_only %} +{% if iface.mode and iface.mode.value == 'access' %} switchport port-security switchport port-security maximum 64 switchport port-security violation shutdown switchport port-security aging time 5 switchport port-security aging type inactivity +{% else %} + no switchport port-security + no switchport port-security maximum + no switchport port-security violation + no switchport port-security aging time + no switchport port-security aging type +{% endif %} {% if iface.enabled %} no shutdown{% else %} shutdown{% endif %} {% endif %}
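Review bot: The `{% else %}` branch removes port-security from every interface whose mode is not exactly 'access', including any user-facing port where `iface.mode` is unset, while the commit message only targets trunk ports. This makes the protection fail open: a port that is missing its mode in the inventory silently loses the MAC limit and the violation shutdown. If ports without a mode should keep the limit, the opening condition could be `{% if not iface.mode or iface.mode.value == 'access' %}`. A template comment such as `{# no port-security on trunk ports: it delays MAC learning when clients roam between APs #}` above the `{% else %}` would record the reason next to the config. The loop that supplies `iface` is outside the hunk, so whether unset modes occur in practice cannot be confirmed from here.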