Securing several switch ports for a range of mac addresses?

Unanswered Question
Aug 16th, 2007
User Badges:

Is it possible using port securtiy on a cisco 2950 to limit a range of ports to only all connectivity to 10 set mac addressess. What I am aiming to do is to allow ten users access independent of what cat port they connect to. At present when I try this the switch detects an error when the same mac addresses are specified on more than one port?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Pavel Bykov Thu, 08/16/2007 - 10:59
User Badges:
  • Silver, 250 points or more

For 10 mac addresses use the following commands:

switchport port-security maximum 10

switchport port-security mac-address MAC1

switchport port-security mac-address MAC2

.

.

switchport port-security mac-address MAC10




For more information refer to the command options:

http://www.cisco.com/en/US/customer/docs/switches/lan/catalyst4500/12.2/31sga/command/reference/snmp_vtp.html#wp1210569


Hope this helps.

Please rate all helpful posts.

CSCO10576352 Thu, 08/16/2007 - 11:19
User Badges:

Hi, thanks for the reply. I had tried to configure the ports as you suggest however the issue is for example if I configure interface fa0/1 for the following secure mac addresses :


interface fa0/1

switchport port-security maximum 2

switchport port-security mac-address aaaa.aaaa.aaaa

switchport port-security mac-address bbbb.bbbb.bbbb


This works fine, however when I then issue the same configuration under interface fa0/2 and enter the same macs (the idea being that users can connect into either port) the switch throws an error to say duplicate mac addresses sourced and wont take the commands.


I guess this may not be possible to confgiure, I know dot1x would be the solution but i dont have the resources to implement this.



Actions

This Discussion