Configuring switch port security

Unanswered Question
May 20th, 2009

We are using the port security feature on our c3750 IOS 122-35.SE1. The customer has a laptop which needs access to multiple ports, but we get the duplicate MAC addr error when trying to assign the address to more than one port. Looking for suggestions on how to configure port security in this scenario.

davy.timmermans Wed, 05/20/2009 - 07:22

switchport port-security aging type inactivity

switchport port-security aging time x


where x is a value in minutes. If you configure 0 as the value, you disable aging! So you have to pick, for example, 1.


This is required if the laptop is not directly attached to the switch, for example when it is connected via a VoIP phone.

If the switch doesn't hear from the host for x minutes, the mac-address is removed from the table.

If the laptop is directly connected, the MAC address is flushed immediately when disconnected.


A unique secure MAC address can only be present once in the MAC address table for a certain VLAN.
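The aging commands from the reply above, shown in the context of a complete access-port configuration. This is an added example, not part of the original post; the interface range, the VLAN number and the `restrict` violation mode are assumptions, and the address is learned dynamically rather than configured statically.

```cisco
! Added example: interface range and VLAN 10 are placeholders.
interface range GigabitEthernet1/0/1 - 4
 switchport mode access
 switchport access vlan 10
 ! Enable port security and allow one secure MAC address per port.
 switchport port-security
 switchport port-security maximum 1
 ! Assumption: restrict drops frames from other source MACs and counts
 ! the violation instead of err-disabling the port (the default is shutdown).
 switchport port-security violation restrict
 ! Remove a dynamically learned secure address after 1 minute without traffic.
 switchport port-security aging time 1
 switchport port-security aging type inactivity
!
! Verification from privileged EXEC mode:
!   show port-security interface GigabitEthernet1/0/1
!   show port-security address
```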

bryantsteve Wed, 05/20/2009 - 09:01

Davy, thanks for the response. In other words, if I have a port security MAC addr xxx assigned to a port and configure this aging option for, say, 1 minute, then I should be able to successfully reconnect to that port with a different MAC addr yyy after 1 minute. Does that sound correct?

Thanks again




davy.timmermans Wed, 05/20/2009 - 09:14

Hi Bryan,

What's the sense of statically configuring a MAC address in this situation? The switch won't allow you to configure the same static MAC on two different ports in the same VLAN.


A static MAC address doesn't age out by default. This command is required:


switchport port-security aging static


But what is the sense of configuring a static MAC that possibly will age out?



bryantsteve Wed, 05/20/2009 - 11:10

Unfortunately for me, port security static MACs are an organizational network requirement, and I have a support group requesting to be able to unplug an existing workstation and connect a specific laptop from the same subnet to that switch port, and to be able to repeat this step for multiple ports on the same switch. I was hoping to be able to configure the switch port's port security to allow this without having to intervene manually, removing and re-adding the static MAC address. Thanks.
