We are looking at implementing port security and I am looking for a way to accomplish the following.
What we would like to do is prevent someone attaching to a switch that does not have a MAC Address that matches our list of MAC Addresses.
I need the users to be able to move around the office and gain access so the MAC address should not be locked down to a specific port.
The port should be shutdown if there is a violation.
How can I accomplish this?
I thought of Port security Dynamic learning and max amount of MAC addresses but it would allow someone to just attach and go because there is no restriction on the MAC address, and sticky would not work because we need the users to be able to move around the office.
Also, 802.1x port authentication would be OK but it would have to be reconfigured if a device is moved.
Can I use an ACL globally and restrict based on a list of MAC Addresses?
Any direction and help would be greatly appreciated.
You just need one vlan filter command:
vlan filter ALLOWED_MACs vlan-list 1,3,5,101,201
Well, I don't think locking down network access by using MAC address is a good idea.
But if you would like to do it this way, you can use MAC ACL to realize it.
Here is just an example.
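The two replies above describe the same mechanism from two ends: the first gives only the `vlan filter` line, the second mentions a MAC ACL but the example itself is not on the page. The following is an added, complete Cisco IOS configuration (not either poster's own) showing how the pieces fit together: a MAC ACL holding the permitted addresses, a VLAN access map that forwards matching frames and drops everything else, and the `vlan filter` command that applies the map to the user VLANs. The ACL and map names, the MAC addresses and the VLAN numbers are constructed placeholders; replace them with your own.

```cisco
! Added example configuration (not the answerers' own config).
! MAC addresses and VLAN numbers below are constructed placeholders.
!
! 1. Extended MAC ACL: permit frames sourced from the known hosts only.
!    Any source not listed falls through to the implicit deny.
mac access-list extended KNOWN_HOSTS
 permit host 0000.0c11.1111 any
 permit host 0000.0c22.2222 any
 permit host 0000.0c33.3333 any
!
! 2. VLAN access map: sequence 10 forwards frames that match the ACL,
!    sequence 20 (no match clause) catches everything else and drops it.
vlan access-map ALLOWED_MACs 10
 match mac address KNOWN_HOSTS
 action forward
vlan access-map ALLOWED_MACs 20
 action drop
!
! 3. Apply the map to the user VLANs. Because the map is bound to VLANs
!    rather than to ports, a listed host can move to any access port in
!    those VLANs without any per-port reconfiguration.
vlan filter ALLOWED_MACs vlan-list 1,3,5,101,201
!
! Verification after applying:
! show vlan access-map ALLOWED_MACs
! show vlan filter
```

Two caveats a practitioner should check before relying on this. First, a VLAN map silently drops non-matching frames; it does not shut the port down, so if the "shutdown on violation" requirement from the question still matters, port security with `switchport port-security violation shutdown` on the access ports is a separate control, not something this map provides. Second, on some Catalyst platforms a `match mac address` clause in a VLAN map is evaluated only for non-IP frames, with IP traffic matched by `match ip address` instead; confirm the behaviour for your platform and software release in its VLAN map documentation before assuming IP traffic from an unlisted MAC is being dropped.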