Router port and Switchport security

Answered Question
Aug 18th, 2009

I have just realized that once you perform "no switchport" on a switch, you can no longer perform switchport security on a port.


I would like to have "no switchport" and yet be able to perform a "switchport security" so that I can limit the number of mac addresses connecting to that port.

Is there a way?




Edison Ortiz Wed, 08/19/2009 - 05:19

You can't perform switchport related commands - such as security - on a Layer 3 port.


If you need switchport security as part of the design, you must enable switchport features on the port (Layer 2 switchport) and assign this port to a VLAN. You can apply the IP address intended for this switchport under the Switch Virtual Interface (SVI) and it will behave the same as applying the IP under the switchport.


HTH,


__


Edison.
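
The design described in the reply above, written out as Cisco IOS configuration. This is an added example, not part of the original thread; the interface name, VLAN 10, the 192.0.2.1/24 address and the limit of one MAC address are assumptions chosen for illustration.

```cisco
! Before: routed (Layer 3) port. Switchport commands, including
! port security, are not available on it.
interface GigabitEthernet0/1
 no switchport
 ip address 192.0.2.1 255.255.255.0
!
! After: the same port as a Layer 2 access port with port security,
! with the IP address moved to the SVI of its VLAN.
vlan 10
!
interface GigabitEthernet0/1
 switchport
 switchport mode access
 switchport access vlan 10
 ! Enable port security and cap the number of learned MAC addresses
 switchport port-security
 switchport port-security maximum 1
 ! Drop frames from additional MACs and count the violation
 ! instead of err-disabling the port (the default is shutdown)
 switchport port-security violation restrict
!
interface Vlan10
 ip address 192.0.2.1 255.255.255.0
 no shutdown
```

`show port-security interface GigabitEthernet0/1` reports the configured maximum, the current address count and the violation counter. To keep one subnet per port, as with routed ports, each port needs its own VLAN and SVI.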

alanchia2000 Wed, 08/19/2009 - 05:26

Hi Edison,


I understand the way to do physical port security. So I'm asking if there's any other way?


Is 802.1x capable of achieving that on a routed port?


Edison Ortiz Wed, 08/19/2009 - 06:16

You could implement security ACLs ..


dot1x is only available on L2 switchports.

alanchia2000 Wed, 08/19/2009 - 06:51

> You could implement security ACLs ..

What kind of security ACLs are you referring to? MAC filtering access-list?


> dot1x is only available on L2 switchports.

Thanks for answering.

Edison Ortiz Wed, 08/19/2009 - 06:57

Yes, mac filtering acls.

alanchia2000 Wed, 08/19/2009 - 07:07

Hi Edison,

> Yes, mac filtering acls.

Thanks. Just wondering if there are any other means, cause I would most likely need to apply the ACLs to all 48 ports of my access switch ports. They have to be 48 different named ACLs.

Correct Answer
Edison Ortiz Wed, 08/19/2009 - 07:27

No.


Those are the limitations you may face when doing L3 switchport. You lose switchport capabilities.


__


Edison.

alanchia2000 Thu, 08/20/2009 - 06:01

Hi Edison,


I just realized that mac access-group is not supported on a routed port. The option is not available as soon as I did a "no switchport".


Is mac access-group the security ACL you are referring to?


alanchia2000 Thu, 08/20/2009 - 06:19

Thanks Edison, I'll go check out tomorrow when I get back to office.


Cheers,

Alan
