access: disable port-security on trunk ports

Because it messes up AP roaming: client MAC will not be learned on the switch port for the new AP until the old one times out in five minutes.
2025-05-23 12:39:59 +02:00 · 2025-05-23 12:39:59 +02:00 · a1147a3283
commit a1147a3283
parent cf0fb98e4d
1 changed files with 8 additions and 0 deletions
--- a/roles/access/templates/config-d-link.j2
+++ b/roles/access/templates/config-d-link.j2
@ -24,11 +24,19 @@ interface {{ iface.name }}
 interface {{ iface.name }}
 {# common setup for user-facing interfaces #}
 {% if iface.type.value != 'lag' and not iface.mgmt_only %}
+{% if iface.mode and iface.mode.value == 'access' %}
 switchport port-security
 switchport port-security maximum 64
 switchport port-security violation shutdown
 switchport port-security aging time 5
 switchport port-security aging type inactivity
+{% else %}
+ no switchport port-security
+ no switchport port-security maximum
+ no switchport port-security violation
+ no switchport port-security aging time
+ no switchport port-security aging type
+{% endif %}
 {% if iface.enabled %} no shutdown{% else %} shutdown{% endif %}
 {% endif %}