05-28-2010 08:37 AM - edited 03-06-2019 11:19 AM
Greetings!
I have a Catalyst 2950 switch in my network, and I need to prevent unknown hosts from accessing the network. There are 10 computers connected to this switch, and I want any of these computers to be able to connect to any port of the switch. How can I do this? If I try to do it by using port-security and declaring the MAC addresses of all the computers on all ports of the switch, it says "Found duplicate mac-address xxxx.xxxx.xxxx".
Thanks for help.
Best Regards,
Takush Roman.
05-28-2010 12:32 PM
This can be achieved by these methods:
1] Mac-Access List - recommended.
2] VACL
3] Port security - recommended.
4] 802.1X Authentication
You can create a MAC access list LOCALMACHINES with about 10 MAC addresses, like this:
mac access-list extended LOCALMACHINES
 permit host xxxx.xxxx.xxxx any
**Please check if this is supported on the 2950
Please let me know if this was helpful.
05-28-2010 09:51 AM
I am not sure whether you are using these computers in a domain. You may make use of 802.1x, which grants access to the connected user only when the user ID/password supplied by the user to log in to the computer is verified by the AAA system. Only after that is verified can the user get an IP address from DHCP and do something on the network.
Thanks,
Gaurav
05-29-2010 09:40 PM
Hi Takush Roman,
Configure the following commands on the interfaces to allow 10 MAC addresses. Below I have shown it with two MAC addresses and the violation action set to shutdown:
interface fastethernet 0/6
 switchport mode access
 ! port security is not active on the port until it is enabled with this command
 switchport port-security
 switchport port-security violation shutdown
 switchport port-security maximum 2
 switchport port-security mac-address sticky 1111.1111.1111
 switchport port-security mac-address sticky 2222.2222.2222
Hope to Help !!
Ganesh.H
Remember to rate the helpful post
06-01-2010 07:05 AM
Thanks everyone, your answers were very helpful. I decided to use mac-address access lists, this is the best solution for me. Thanks for help once again.
Best Regards,
Takush Roman.
06-01-2010 07:15 AM
Thanks Takush Roman for updating us,
***I guess the sticky command is not supported on 2950 switches***
Regards,
podhillo
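Added example, not part of any post in this thread: a check that only the permitted machines show up in the switch's learned MAC table, which is a way to verify the allow-list approach discussed above. The addresses and the table text are constructed samples shaped like Catalyst `show mac-address-table` output, and the function names are hypothetical.

```python
import re

# Constructed allow-list in mixed notations (documentation-range MACs).
ALLOWED = ["00:00:5e:00:53:01", "0000.5e00.5302", "00-00-5E-00-53-03"]

# Constructed sample shaped like Catalyst `show mac-address-table` output.
SAMPLE_TABLE = """\
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0000.5e00.5301    DYNAMIC     Fa0/1
   1    0000.5e00.5303    DYNAMIC     Fa0/6
   1    0000.5e00.53aa    DYNAMIC     Fa0/6
   1    0000.5e00.53bb    DYNAMIC     Fa0/9
 All    0100.0ccc.cccc    STATIC      CPU
Total Mac Addresses for this criterion: 5
"""

# One table row: VLAN, dotted MAC, entry type, port.
ROW = re.compile(r"^\s*(\d+|All)\s+([0-9a-fA-F.]{14})\s+(\w+)\s+(\S+)\s*$")


def normalize_mac(mac):
    """Return a MAC in Cisco dotted form (xxxx.xxxx.xxxx), or raise ValueError."""
    digits = re.sub(r"[.:\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


def find_unknown_hosts(table_text, allowed):
    """Map port -> sorted MACs learned on it that are not in the allow-list."""
    allow = {normalize_mac(m) for m in allowed}
    unknown = {}
    for line in table_text.splitlines():
        m = ROW.match(line)
        if not m or m.group(4) == "CPU":  # skip headers and switch-owned entries
            continue
        mac = normalize_mac(m.group(2))
        if mac not in allow:
            unknown.setdefault(m.group(4), []).append(mac)
    return {port: sorted(macs) for port, macs in unknown.items()}


if __name__ == "__main__":
    for port, macs in find_unknown_hosts(SAMPLE_TABLE, ALLOWED).items():
        print(f"{port}: unexpected {', '.join(macs)}")
```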