Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
972
Views
0
Helpful
1
Replies

MAC address port security -- side effect?

jroberts6
Level 1
Level 1

‎03-07-2007 10:40 AM

Hello,

I have been working on a Cisco Catalyst 2960 in an academic library setting. I have connected an unmanaged switch to 0/4 for public terminal connections, of which there are currently ten. In order to prevent library patrons from unplugging the network cable to the public terminals and connecting their own laptops, I have implemented MAC address security on the port to which the unmanaged switch is connected.

There are a few other data outlets in the library, which the librarians wish to use by connecting their laptops for presentations and tutorial sessions. Due to limited space on the 2960 Catalyst, I connected those various data ports to the unmanaged switch, and added the librarians' laptops' MAC addresses to the list of permitted addresses -- the goal was to enable the ports only for library staff, and not for public use.

All was well until later, when we discovered that one of the librarians, whose laptop is her primary system, could not connect from any other port on the Catalyst 2960 -- _only_ on port 0/4, where her MAC address was in the list.

In all the documentation I've read I have found nothing that would suggest this as a byproduct of using port security based on MAC address learning. At least in my understanding, having her MAC address in the list should have -allowed- her computer on that port and not affected any of the other ports at all.

Is my understanding incorrect? If not, has anyone else encountered this anomaly? If so, how did you resolve it? -Did- you resolve it?

Labels:
0 Helpful
1 Reply 1

dholder
Level 1
Level 1

‎03-07-2007 10:57 AM

We had to implement port security due to HIPPA regulations. If you have a MAC-Address configured for a port, that MAC-Address will only work on that port only. We have found that moving a PC requires us to remove the old port security definition and then put in the new port security definition. And this was across a network of 120 switches.

We have roamers in our enviornment and in order to get them to connect, we created a Secure Laptop VLAN, and placed in on the port and then made the placed the Laptop's in DHCP as reservations. So, they any 152 laptop can plug into any 152 plug and get on the network. Anyone else would not get an IP. It works well in our enviornment.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents