How to tell if there is more than one device on a switch port

Unanswered Question
Jul 21st, 2010

Hi all,

Is there an easy way to tell if there is more than one device on a switch port?

What I am trying to do is set port-security on every port of a switch for a maximum of one device.  This will obviously shut down any port with more than one device on it.  So is there any way to tell how many devices are on a port, so I can set the maximum accordingly?

Thanks,

-SA.

royalblues Wed, 07/21/2010 - 11:20

You can check for the number of mac addresses being learnt at each port using the cli command "sh mac-address-table dynamic"

I know this could be frustrating but in general all but trunk ports of the switch can be configured for port security with a max of one mac-address.

If you have an IPT deployment with desktops hooking off the phones, then you may have to configure the port for a maximum of 2 mac-addresses.

HTH

Narayan

Nagaraja Thanthry Wed, 07/21/2010 - 11:21

Hello,

If you issue "show mac address-table dynamic interface " you will see all registered mac addresses on that port. That would be a good starting point.

Hope this helps.

Regards,

NT

Leo Laohoo Wed, 07/21/2010 - 19:19

Shut down the port and wait for the phone to ring.  He he he ...

One option is to enable port security and set maximum MAC address.  This is because some servers don't advertise their MAC address. 

josh-farrelly Wed, 07/21/2010 - 20:22

How could they not 'advertise' their MAC address?

If they're going to send any type of packet on a switched network then of course they're going to need to have their MAC address known. Whether or not they spoof a MAC is another question, but either way you look at it, it will still be well known information (at least from a switch's perspective).

Leo Laohoo Wed, 07/21/2010 - 21:12

NIC Teaming.  The primary NIC will advertise but the secondary NIC will go "silent".

josh-farrelly Wed, 07/21/2010 - 21:17

Fair point, although one could debate whether they'd be hanging off the same switch port (unless there were a switch or hub downstream from the switch you're looking at of course).

Leo Laohoo Wed, 07/21/2010 - 21:32

Thus my initial post of "disable the ports".  If you use the command "sh mac- int " and your output, say, is 10 MAC addresses but in fact you have more "silent" MACs, you won't know.  But I've done this several times and I got the answer faster than trawling.
