Port Security question

Unanswered Question
Jun 12th, 2008

Question is - can Mac-Addresses be present on multiple switch ports at the same time?

For example, a pod of 4 desks with 4 laptop users in. I want port security on the 4 switch ports that the 4 laptops will use but I want the users to be able to be able to plug their laptops in at any of these 4 desks without a violation so would need all 4 mac-addresses of the laptops listed on all 4 switch ports at the same time.

If I try and configure the switch ports using the range interface config command and type the mac-addresses in, then I get a duplicate address notification message and the first port in the range gets all 4 mac-addresses in it's allowed list and the other 3 ports don't get any of them.

Is this possible?

edit - bah sorry - posted in the wrong forum...

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
celticfc2007 Thu, 06/12/2008 - 04:59

I haven't tested it, but the following should work:

Switch#configure terminal

Switch(config)#interface fa0/1

Switch(config-if)#switchport port-security

Switch(config-if)#switchport port-security maximum 4

Switch(config-if)#switchport port-security mac-address 1111.1111.1111

Just repeat the last command for each MAC address, and repeat the entire process for each port. I don't know if you could use the sticky paramter with maximum 4, less typing

(Disclaimer, the syntax is off the top of my head, no warranty expressed or implied =)

HTH

Paul_Edwards Thu, 06/12/2008 - 05:28

Hi thanks for your reply, I originally tried as an example

Switch#conf t

switch#(config)#interface range fa0/1 - 4

switch#(config-if-range)#switchport mode access

switch#(config-if-range)#switchport port-security

switch#(config-if-range)#switchport port-security max 4

switch#(config-if-range)#switchport port-security mac-address 1111.1111.1111

but when I hit return I get the msg :

found duplicate mac-address 1111.1111.1111

The only port which has updated with the mac-address is the first one whereas I was hoping to get it on all 4 ports

switch#(config-if)#switchport port-security mac-addre

Paul_Edwards Thu, 06/12/2008 - 05:30

Hi thanks for your reply, I originally tried as an example

Switch#conf t

switch#(config)#interface range fa0/1 - 4

switch#(config-if-range)#switchport mode access

switch#(config-if-range)#switchport port-security

switch#(config-if-range)#switchport port-security max 4

I then tried to add the first mac-address by doing

switch#(config-if-range)#switchport port-security mac-address 1111.1111.1111

but when I hit return I get the msg :

found duplicate mac-address 1111.1111.1111

The only port which has updated with the mac-address is the first one whereas I was hoping to get it on all 4 ports.

Just wondering if it is possible to get a mac-address on multiple ports or not :)

celticfc2007 Thu, 06/12/2008 - 07:55

I was testing it out, I don't think it can be done. I'm thinking the logic, is similar to trying to assign the same static IPs to multiple interfaces.

Good luck.

srue Thu, 06/12/2008 - 11:40

i think you can only use the same mac-address if they are in different vlans.

Paul_Edwards Thu, 06/12/2008 - 22:51

Thanks for the replies - I've found I can do it if I use a different switch for each port, but the amount of switches in the stack is obviously a limiting factor.

Would rate the replies as helpful, but I don't seem to have the option to rate them (nor as you can see do I have the option to edit one of my existing posts without them being added as new replies lol).

Actions

This Discussion