Port security on etherswitch module

prabhdeepnijjar · ‎02-12-2008

Tell me if I understand this correctly.

You use the: mac-address-table secure <mac-address> fastethernet slot/port [vlan <vlan id>] command to lock specific MACs to specific interfaces.

So I take it there is no equivalent to the: switchport port-security mac-address sticky command? Meaning you have to manually enter ever MAC address you wish to use on an interface?

My biggest question is what is going to happen when a new MAC is plugged into an interface that has not been specified with the 'mac-address-table secure' command? Will the interface prohibit the new MAC from communicating? And if so, how do you troubleshoot this? (determine a new MAC was plugged in)

Mohamed Sobair · ‎02-13-2008

Hi,

The Sticky feature enables a switch to dynamicly learn the Mac-address entry, you dont have to specify a static mac-address when pluggs a device to the Switch.

As for the action, its configurable, you can specify what a ction you want a switch to take if it learns other mac-address other than the 1st learned one. also you can specify the maximum mac-addresses a security port could accept.

Verify:-

sh mac-address-table interface (x)

HTH

Mohamed

shivlu jain · ‎02-14-2008

Bt default on port-security it uses one mac-address which dynamically it learns. If you want to put another mac on the port it will not accept. If you want to add the another one then you have to use

switchport port-security maximum 2

it means now the port can store the 2 addresses it can go up to the capacity of your CAM.

if you wonot specify the above the command it will workmwith only one address

regards

shivlu

prabhdeepnijjar · ‎02-14-2008

The 2851 router does not support switchport port-security command and If I have each port of the ethermodule connecting to a IP phone and PC .

then what are my options as i am not able to secure these Mac address with their respective VLANs to a single interface