Port Security

Oct 13th, 2014

Hello guys, this is so far for me to configure port security, but I have never done a requirement like the one below, so if any of you have experience, please share it with me. I want to configure port security that allows my clients' 100 computers to access my LAN, so if a client takes his own laptop and plugs it into my switch, that port is shut down. This requirement seems simple, right? But I have a special exception: I want all my client PCs (which are allowed to access the LAN) to be able to plug into any switch (meaning I have 5 switches, and PC1 connects to SW1, but if I take PC1 and plug it into SW2 it still works without the port shutting down) and still have connectivity. Please help me. Thanks.

InayathUlla Sharieff Mon, 10/13/2014 - 21:50
User Badges:
  • Cisco Employee,

Sorry to say, it is not clear what you are trying to achieve here.

Anyways here is what you can do with Port-Security:

 

1- On a single port you can configure port-security to allow a maximum number of PCs to be connected, and also to some extent you can configure the MAC address to be blocked down on the port exclusively.

 

HTH

pdara0001 Mon, 10/13/2014 - 23:56

Dear Insharie,

Sorry for the inconvenience of my unclear question. Let me describe it to you again. Assume I have 5 switches (SW1, SW2, SW3, SW4, and SW5), and client1's PC normally connects to SW1, but one day his computer is moved to connect to SW3, so if we configure Port Security, the port is shut down because of our restriction. My goal is that all computers (100 computers) can plug into any switch without shutdown or restriction.

fatalXerror Mon, 10/13/2014 - 22:24

Hi pdara0001,

Good Day!

Are you trying to say that your client has 2 endpoint devices (1 company provided computer and 1 personal laptop)?

Do you mean that when your client connects to the switch using his/her own personal laptop, the port should shut down the connection? Because if that is the case, I believe it is much better if you configure 802.1x authentication rather than the port security mechanism, because if you use port security, it uses the MAC address of the endpoints to determine if the endpoint is allowed or not. This means that you will need to know the 100 computers' MAC addresses to implement it.

On the other hand, for this 802.1x security you can use Cisco ACS or Cisco ISE, then integrate it with your Active Directory (AD) so that ACS or ISE will query the AD for the user credentials, which means that the company computers must be joined to the company's domain.

After integrating the ACS or ISE to the AD, you should configure the switches to support 802.1x.

Thank you and have a nice day!

 

Cheers,

Niks
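
The two approaches discussed in this reply, side by side as switch configuration. This is an added example, not part of fatalXerror's post: the interface name, the server name `EXAMPLE-ISE`, the documentation-range address `192.0.2.10` and the key placeholder are assumptions, and the `radius server` block assumes IOS 15.x-style syntax.

```cisco
! --- Option A: port security with sticky MAC learning (per port, per switch) ---
! The allowed MAC is stored on this one port only. A port on SW3 knows nothing
! about a MAC learned on SW1: it either raises a violation for the moved PC
! (another MAC is already stored) or learns whatever device plugs in first.
interface GigabitEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
!
! --- Option B: 802.1X, same configuration on SW1 through SW5 ---
! The allow/deny decision comes from the RADIUS server (ACS or ISE, backed
! by AD), not from a MAC table on the switch, so a domain-joined PC can
! authenticate on any port of any switch and a personal laptop cannot.
aaa new-model
!
! Assumed RADIUS server definition (name, address and key are placeholders)
radius server EXAMPLE-ISE
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key <SHARED-SECRET-PLACEHOLDER>
!
aaa authentication dot1x default group radius
aaa authorization network default group radius
!
! Enable 802.1X globally, then per access port
dot1x system-auth-control
!
interface GigabitEthernet0/1
 switchport mode access
 authentication port-control auto
 authentication host-mode single-host
 dot1x pae authenticator
 spanning-tree portfast
```

Enabling `aaa new-model` also changes how management logins to the switch are authenticated, so confirm a working local account or login method list before applying it.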

 

 

pdara0001 Mon, 10/13/2014 - 23:55

Dear Niks,

First, I am overly grateful for your clear answer. Yeah, you got my meaning. Assume I have 5 switches (SW1, SW2, SW3, SW4, and SW5), and client1's PC normally connects to SW1, but one day his computer is moved to connect to SW3, so if we configure Port Security, the port is shut down because of our restriction. My goal is that all computers (100 computers) can plug into any switch without shutdown or restriction. And regarding your explanation, I need to read up on 802.1X to implement it, because I don't have experience with this.


 
