Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
246
Views
0
Helpful
2
Replies

changing interface configurations from Dot1X to port security fails

Anas Hijjawi
Level 1
Level 1

‎03-19-2014 12:50 AM - edited ‎03-10-2019 09:33 PM

Hi, we configured most of the switches interfaces with Dot1X, it was working fine, now we need to change some of the ports back to port security, once we enable the port security the user will be disconnected from the network.

If we make it a normal port with no security features enabled it will work fine.

We tried to default the port and configure it agai

also we tried to clear the port security for that interface, but with no luck.

 

Thanks in advance

Thanks, Anas *--* Please rate the useful post,its free ;) *--*
Labels:
0 Helpful
2 Replies 2

Saurav Lodh
Level 7
Level 7

‎03-19-2014 02:19 AM

Hello Anas,

In that case enabling switch to remember MAC , you could have used 802.1x with port security enabled ports. Since you have not configured port security on ports which are 802.1x enabled ports, switch will not remember the MAC. Below is suggested in this scenario.

Using 802.1X with Port Security

You can enable an 802.1X port for port security by using the dot1x multiple-hosts interface configuration command. You must also configure port security on the port by using the switchport port-security interface configuration command. With the multiple-hosts mode enabled, 802.1X authenticates the port, and port security manages network access for all MAC addresses, including that of the client. You can then limit the number or group of clients that can access the network through an 802.1X multiple-host port.

 

 

0 Helpful

Anas Hijjawi
Level 1
Level 1
In response to Saurav Lodh

‎03-19-2014 02:29 AM

Thanks for your feedback, actually we need to remove the Dot1X configurations from that port, we need to keep only the port security commands

Thanks, Anas *--* Please rate the useful post,its free ;) *--*
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents