Sticky MAC Access Policy – Preventing Unauthorized Hubs

mac address, meraki, port-security

We have Meraki MS 250 switches. I have discovered some personal hubs attached to the network and want to ensure these devices won't work on the network to discourage the behavior.

From what I can see, my best option to implement port security with Meraki switches is configuring all access ports for sticky MAC with a list size of 1.

Meraki switch port settings

Is this correct or have I missed something?

Best Answer

As Jesse P explained, hubs do not have MAC addresses, but multiple devices connected to a hub would mean multiple MAC addresses on the switch interface, and what you suggest would detect that and prevent a situation where a hub is attaching multiple devices to a single switch interface. Unfortunately, it will be unable to detect the hub or a hub with a single device connected.

You must carefully consider your plan. For example, using a VoIP phone with a PC plugged into it could use two or three MAC addresses on the single switch interface. I have seen that mess up plans such as yours because you must allow more than one MAC address at a time for things to work correctly.


If what people are doing is to connect small switches, rather than hubs, then those switches would have MAC addresses, and may even be sending BPDUs. You could then configure something like bpduguard that will disable the switch interface when it receives BPDUs. That is a very common, and recommended, practice for access interfaces on a switch.
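The following is an added example, not part of the answer above and not Meraki's code: a pre-rollout audit that counts distinct MAC addresses per access port, so that phone-plus-PC ports get a larger sticky limit and ports with several data hosts are flagged for review before a limit of 1 is enforced. The sample rows, the voice VLAN id and the function names are constructed for illustration; the settings keys are assumed to match the Meraki Dashboard API v1 switch-port fields and should be checked against your API version.

```python
from collections import defaultdict

VOICE_VLAN = 20  # assumed voice VLAN id for this example

# Constructed sample rows (port, MAC, VLAN), e.g. from a MAC address table export.
OBSERVED = [
    ("1", "00:11:22:AA:00:01", 10),  # one PC
    ("2", "00:11:22:aa:00:02", 10),  # PC plugged into a phone
    ("2", "00:11:22:bb:00:01", 20),  # the phone, on the voice VLAN
    ("2", "00-11-22-BB-00-01", 10),  # same phone seen on the data VLAN while booting
    ("3", "00:11:22:aa:00:03", 10),
    ("3", "00:11:22:aa:00:04", 10),
    ("3", "00:11:22:aa:00:05", 10),  # three data hosts: hub or small switch
]

def norm(mac):
    """Normalise MAC notation so one device is not counted twice."""
    return mac.lower().replace("-", ":")

def audit(rows, voice_vlan=VOICE_VLAN):
    """Return {port: (verdict, sticky_limit)} from the MACs observed per port."""
    macs, phones = defaultdict(set), defaultdict(set)
    for port, mac, vlan in rows:
        macs[port].add(norm(mac))
        if vlan == voice_vlan:
            phones[port].add(norm(mac))
    plan = {}
    for port, seen in macs.items():
        data_hosts = seen - phones[port]
        if len(data_hosts) > 1:
            # More than one non-phone device: a limit of 1 will cut someone off.
            plan[port] = ("review: multiple data hosts", 1)
        elif phones[port]:
            # Leave room for the phone(s) plus one PC behind them.
            plan[port] = ("phone + PC", len(phones[port]) + 1)
        else:
            plan[port] = ("single host", 1)
    return plan

def port_settings(limit):
    """Per-port settings; keys assumed from Meraki Dashboard API v1 switch ports."""
    return {"accessPolicyType": "Sticky MAC allow list",
            "stickyMacAllowListLimit": limit,
            "stpGuard": "bpdu guard"}

if __name__ == "__main__":
    for port, (verdict, limit) in sorted(audit(OBSERVED).items()):
        print(port, verdict, port_settings(limit))
```

As the answer notes, a hub with a single device behind it still shows one MAC address, so it lands in the "single host" bucket and is not detected by this count.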