Hi fakrul,

can u please let me know what is the need of using ip-address for port security instead of mac-address...?

If it is either dhcp or static then use mac-address is the best for ports security.

As per my knowledge there have no chance to use ip-address for the port security.

Check:

http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_25_sed/configuration/guide/swacl.html

Hi,

you will need to look at (IP Source Guard) with DHCP snooping feature.

at the layer-2 interface, you will need to bind static IP with its mac-address with (ip source binding) command.

This should achiev what you are looking for,

Mohamed

Hi,

I have few cisco 2960 (model : WS-C2960-24TT-L). I am doing vla, port-security. In port-security it only fixed the no of maximum port allowed per port. But I need to fixed the IP address per port; that mean the pre-define ip address can be accessed by a particular port. Is it possible? Greatful I have the solution.

Hi,

You cannot achive via port security that pre defined ip can access particular port,yes if you want to impelment 802.1x authentication integaration via ACS with this only authenticated user can access the switch vlan or port can come on active state.

Check out the below link on 802.1x auth in switches

http://www.ciscosistemas.org/en/US/docs/switches/lan/catalyst6500/ios/12.1E/native/configuration/guide/dot1x.html

Hope to Help !!

Ganesh.H

Remember to rate the helpful post