Mac-address security

Roman Takush
Level 1

Greetings!

I have a Catalyst 2950 switch in my network, and I need to prevent unknown hosts from accessing the network. There are 10 computers connected to this switch, and I want any of these computers to be able to connect to any port of the switch. How can I do it? If I try to do it by using port-security and declare all MAC addresses of the computers on all ports of the switch, it says "Found duplicate mac-address xxxx.xxxx.xxxx".

Thanks for help.

Best Regards,

Takush Roman.

Accepted Solution

podhillo
Level 1

This can be achieved by these methods:

1] MAC access list - recommended.
2] VACL
3] Port security - recommended.
4] 802.1X Authentication

You can create a MAC access list LOCALMACHINES with about 10 MAC addresses, like this:

mac access-list extended LOCALMACHINES
 permit host xxxx.xxxx.xxxx any

**Please check if this is supported on the 2950

Please let me know if this was helpful.
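
An added example, not part of the original posts: a Python helper that turns an inventory of workstation MAC addresses into the LOCALMACHINES list from the answer above and applies it inbound on every access port. The 24-port FastEthernet range and the sample addresses are assumptions, and whether `mac access-group` is available depends on the switch image, as the answer says to check.

```python
import re

ACL_NAME = "LOCALMACHINES"  # ACL name taken from the answer above


def to_cisco_mac(raw: str) -> str:
    """Normalize 00:1A:2B:..., 00-1a-2b-... or 001a.2b3c.4d5e to xxxx.xxxx.xxxx."""
    digits = re.sub(r"[.:\-\s]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {raw!r}")
    # The low bit of the first octet marks a group (multicast/broadcast)
    # address, which is never the burned-in address of a workstation NIC.
    if int(digits[:2], 16) & 1:
        raise ValueError(f"group address cannot identify a host: {raw!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


def build_config(macs, first_port=1, last_port=24):
    """Return IOS config lines: one ACL shared by every access port.

    The port range is an assumption; adjust it to the actual switch.
    """
    allowed = []
    for raw in macs:
        mac = to_cisco_mac(raw)
        if mac not in allowed:  # same NIC listed twice in the inventory
            allowed.append(mac)
    lines = [f"mac access-list extended {ACL_NAME}"]
    lines += [f" permit host {mac} any" for mac in allowed]
    # No explicit deny entry: the ACL ends with an implicit deny.
    lines += [
        "!",
        f"interface range fastEthernet 0/{first_port} - {last_port}",
        " switchport mode access",
        f" mac access-group {ACL_NAME} in",
    ]
    return lines


if __name__ == "__main__":
    # Constructed sample inventory in three common notations (one duplicate).
    inventory = ["00-1A-2B-3C-4D-5E", "00:1a:2b:3c:4d:5f", "001a.2b3c.4d5e"]
    print("\n".join(build_config(inventory)))
```

Because the same list is bound to every port, each permitted computer can be plugged in anywhere, which avoids the per-port duplicate-address error from the question. The filter keys on an address the client itself supplies, so it limits casual connections rather than authenticating hosts; 802.1X, listed in the same answer, is the option that verifies credentials.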

5 Replies

gauravshar
Level 2

I am not sure whether you are using these computers in a domain. You may make use of 802.1x, which grants access to the connected user only when the user-id/password supplied by the user to log in to the computer are verified by the AAA system. Only after that is verified can the users get an IP address from DHCP and do something on the network.

Thanks,

Gaurav

Ganesh Hariharan
VIP Alumni

Hi Takush Roman,

Configure the following commands on the interfaces to allow 10 MAC addresses. In the example below I have shown two MAC addresses, with the violation mode set to shutdown:

interface fastethernet 0/6
 switchport mode access
 ! turn port security on; the options below are only enforced once it is enabled
 switchport port-security
 switchport port-security violation shutdown
 switchport port-security maximum 2
 switchport port-security mac-address sticky 1111.1111.1111
 switchport port-security mac-address sticky 2222.2222.2222

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

Roman Takush
Level 1

Thanks everyone, your answers were very helpful. I decided to use mac-address access lists, this is the best solution for me. Thanks for help once again.

Best Regards,

Takush Roman.

Thanks Takush Roman for updating us,

***I guess the sticky command is not supported on 2950 switches***

Regards,

podhillo
