CISCO 1861 Switch port port security

Unanswered Question
Jun 30th, 2010
User Badges:

Hi all,

i have installed Cisco 1861 Router with 8 PoE switching ports , as per the company security policy we should enable the port security as following

interface GigabitEthernet0/2

switchport port-security maximum 3
switchport port-security
switchport port-security violation protect
switchport port-security aging type inactivity

but its not accepting this command more over i dont want to hardcode the MAC address to the interfaces since i want the switch to handle it automatically because users are roaming frequently.


please assest with the same:)

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Leo Laohoo Wed, 06/30/2010 - 22:58
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

because users are roaming frequently.

Get wireless.



switchport port-security maximum 3

Why "3"?  Why not just set to 1?
Muzzamil Hussain Wed, 06/30/2010 - 23:18
User Badges:

until now we dont have a wireless infrastructure


why 3 because we for every user will be 1 PC or labtop , 1 IP phone, last MAC is kept as free.

Leo Laohoo Thu, 07/01/2010 - 04:29
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

Use the following commands:


will be 1 PC or labtop

switchport access vlan



1 IP phone

switchport access voice vlan



ast MAC is kept as free

Never heard of this before. 
amvarana Wed, 06/30/2010 - 23:03
User Badges:
  • Cisco Employee,

What is the switching module you are using on the router ?

What is the IOS version you are running


Could you attach a snapshot of the error message you are recieving while configuring those commands

Muzzamil Hussain Thu, 07/01/2010 - 02:20
User Badges:

R1# show Diag

C1861 Mainboard 1FE, 8FE POE, Stacking FE, MOH, Port adapter

        Port adapter is analyzed

        Port adapter insertion time unknown


R1# show version


Cisco IOS Software, C1861 Software (C1861-ADVIPSERVICESK9-M), Version 12.4(24)T3, RELEASE SOFTWARE (fc2)



Cisco C1861-SRST-F/K9 (MPC8358) processor (revision 0x300) with 249856K/12288K bytes of memory.
Processor board ID FHK141070QC
MPC8358 CPU Rev: Part Number 0x804A, Revision ID 0x20
12 User Licenses
10 FastEthernet interfaces
4 Voice FXO interfaces
4 Voice FXS interfaces
1 Voice MoH interface
128K bytes of non-volatile configuration memory.
126000K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102

amvarana Thu, 07/01/2010 - 21:50
User Badges:
  • Cisco Employee,

Hi Muzzamil


ISR 1861 does not support port security features.


You may try mac-address-table secure feature.

However you would have to hard code mac addresses for a particular interface


Refer this document for more on that


http://www.cisco.com/en/US/docs/ios/12_3/switch/command/reference/swi_m1.html#wp1085966


Also when you secure a mac on a router with "mac-address-table secure" command it will set the port into secure mode

It will only allow the mac address you have listed access to the network.

The ports will not  be shutdown or err-disabled for any violations.

Actions

This Discussion

Related Content