CISCO 1861 Switch port port security

Unanswered Question
Jun 30th, 2010

Hi all,

i have installed Cisco 1861 Router with 8 PoE switching ports , as per the company security policy we should enable the port security as following

interface GigabitEthernet0/2

switchport port-security maximum 3
switchport port-security
switchport port-security violation protect
switchport port-security aging type inactivity

but its not accepting this command more over i dont want to hardcode the MAC address to the interfaces since i want the switch to handle it automatically because users are roaming frequently.

please assest with the same:)

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Leo Laohoo Wed, 06/30/2010 - 22:58

because users are roaming frequently.

Get wireless.

switchport port-security maximum 3

Why "3"?  Why not just set to 1?
muzzamilabdu Wed, 06/30/2010 - 23:18

until now we dont have a wireless infrastructure

why 3 because we for every user will be 1 PC or labtop , 1 IP phone, last MAC is kept as free.

Leo Laohoo Thu, 07/01/2010 - 04:29

Use the following commands:

will be 1 PC or labtop

switchport access vlan

1 IP phone

switchport access voice vlan

ast MAC is kept as free

Never heard of this before. 
amvarana Wed, 06/30/2010 - 23:03

What is the switching module you are using on the router ?

What is the IOS version you are running

Could you attach a snapshot of the error message you are recieving while configuring those commands

muzzamilabdu Thu, 07/01/2010 - 02:20

R1# show Diag

C1861 Mainboard 1FE, 8FE POE, Stacking FE, MOH, Port adapter

        Port adapter is analyzed

        Port adapter insertion time unknown

R1# show version

Cisco IOS Software, C1861 Software (C1861-ADVIPSERVICESK9-M), Version 12.4(24)T3, RELEASE SOFTWARE (fc2)

Cisco C1861-SRST-F/K9 (MPC8358) processor (revision 0x300) with 249856K/12288K bytes of memory.
Processor board ID FHK141070QC
MPC8358 CPU Rev: Part Number 0x804A, Revision ID 0x20
12 User Licenses
10 FastEthernet interfaces
4 Voice FXO interfaces
4 Voice FXS interfaces
1 Voice MoH interface
128K bytes of non-volatile configuration memory.
126000K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102

amvarana Thu, 07/01/2010 - 21:50

Hi Muzzamil

ISR 1861 does not support port security features.

You may try mac-address-table secure feature.

However you would have to hard code mac addresses for a particular interface

Refer this document for more on that


http://www.cisco.com/en/US/docs/ios/12_3/switch/command/reference/swi_m1.html#wp1085966

Also when you secure a mac on a router with "mac-address-table secure" command it will set the port into secure mode

It will only allow the mac address you have listed access to the network.

The ports will not  be shutdown or err-disabled for any violations.

Actions

This Discussion

Related Content