Port security on Cisco 6000 series

richmorrow624 · ‎04-03-2007

We have VoiP configured and are using Cisco phones.

The link to the switch is carrying the PC traffic and the voice traffic.

To implement port security, is all that is needed is to add the two mac addresses for the workstation and phone to their respective port?

It seems that can be combersome for a switch with 96 ports or more.

Is there any other way to do it?

sundar.palaniappan · ‎04-03-2007

You can configure port security with sticky MAC addresses for ease of configuration.

Port Security with Sticky MAC Addresses

Release 12.2(18)SXE and later releases support port security with sticky MAC addresses. Port security with sticky MAC addresses provides many of the same benefits as port security with static MAC addresses, but sticky MAC addresses can be learned dynamically. Port security with sticky MAC addresses retains dynamically learned MAC addresses during a link-down condition.

If you enter a write memory or copy running-config startup-config command, then port security with sticky MAC addresses saves dynamically learned MAC addresses in the startup-config file and the port does not have to learn addresses from ingress traffic after bootup or a restart.

More info here:

http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a0080160a2c.html#wp1062570

Just want to add you can use the int range , if your IOS supports it, and apply the switchport security command(s).

HTH

Sundar