05-12-2009 12:14 PM - edited 03-06-2019 05:41 AM
Hi All,
i have a switch 4507 which's connected with 20 floor switch 3560. i have about 600 user.i want to know what's the best solution for implementing port_security with 600 @mac.
i configure them on the federator switch or in the floor switchs.
thanks for your help
05-13-2009 08:28 AM
Hello Yoyo,
to get the tighter control you should configure it on floor switches user ports where it is clear that you don't expect more then 2 MAC addresses for port (two if you use VoIP phones).
Be aware that smaller switches have also smaller CAM tables and one of the objectives of port security is the protection from MAC address flooding attacks.
Floor switches uplinks are likely to carry 30-60 MAC addresses.
see
Hope to help
Giuseppe
05-13-2009 10:04 AM
Hi,
I want to guard mobility to all 600 users.
so i don't know if i can write 600@MAC on all ports of all floor switchs.
or if ther's another solution more easy than this one.
Thanks a lot
05-13-2009 12:05 PM
Hello Yoyo,
if you want to allow 600 users to move in the campus and at the same time you want to block unauthorized users th right tool is 802.1X that allows network access after an authentication phase.
see
It is a long work and you need to setup a Radius server but it should be the right tool
Hope to help
Giuseppe
05-13-2009 06:07 PM
Hi,
what do you think about VMPS, it's more easily?
knowing that i have a cisco phone on my network.
Thank you
05-14-2009 05:36 AM
Hello Yoyo,
VMPS is very old stuff and I think it works only with CatOS switches.
There are options to support voice vlan with 802.1X for example using the guest vlan concept.
Hope to help
Giuseppe
05-14-2009 09:34 AM
Hi Giuslar,
have you an idea about any free radius server wich i can configure.
and i have a question because i never work with radius.
when i connect a PC, the authentication pass directly with MAC Adresse,Or there's any think to configure on the PC?
Thanks a lot
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: