Cisco Support Community

New Member

Port Security on Layer 2 Switches

Wanted to discuss the option of port security on Layer 2 switches that will enable me to prevent outside devices from connecting to an internal network. Based upon some documentation, switchport port-security options are available on the existing 12.2 SG IOS; however, I'm looking for some other users who have implemented this process.

5 REPLIES
Bronze

Port Security on Layer 2 Switches

Port security works well in static environments; if you have hot desks with laptop users, it causes problems.

This doc is a good explanation of how to set up port security:

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/19ew/configuration/guide/port_sec.pdf

New Member

Re: Port Security on Layer 2 Switches

Thanks

Silver

Re: Port Security on Layer 2 Switches

The port security feature helps to limit the number of MACs that can be associated with a switch port; it can't differentiate between an outside and an inside MAC address.

I don't think static mapping of MAC addresses to a port is a feasible option, so the next best bet is to use the MAC address sticky feature and limit the number of MAC addresses on each port to a max of 2 if you use IP phones. The sticky option will help to learn the MACs of existing connected devices, and the max option will help to err-disable the port if more than the specified number of MACs are seen on the port.

As p.mcgowan said in his post above, it will soon become an administrative nightmare if you use it without proper planning.

Siddhartha
New Member

Re: Port Security on Layer 2 Switches

Thanks,

My overall concern is that many of these options are for a single MAC address. Currently we're not using IP phones; therefore all MAC addresses would be strictly devices, i.e. workstations, laptops and printers. In addition, I have several trunk ports created with small Cisco switches that allow software developers to use multiple devices while occupying just a single data connection. I will continue reading the information provided, but this is a brief description of what we're attempting to secure within our network.

Finally, for 80% of our overall network the sticky solution appears to be the best option; however, I'm concerned about the other 20%.

Silver

Re: Port Security on Layer 2 Switches

You can configure trunk port security for the trunk ports. The document below provides good information about port security; hope that will help.

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/port_sec.pdf

Siddhartha
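A baseline IOS configuration for the two port classes this thread discusses (single-device access ports with sticky MACs, and the trunk ports to small developer switches), as an added example that is not part of the thread or of either linked Cisco document; the interface names, VLAN numbers and maximum counts are assumptions to adapt to the real topology:

```cisco
! Added example (not from the thread). Interface names, VLANs and limits are assumptions.
!
! Global: let err-disabled ports recover on their own after 5 minutes, so a
! transient violation does not require a manual "shutdown / no shutdown".
errdisable recovery cause psecure-violation
errdisable recovery interval 300
!
! Class 1 (the ~80%): one workstation, laptop or printer per access port.
! Sticky learns the first MAC seen and writes it into the running config;
! "maximum 1" is the right ceiling when no IP phone is daisy-chained.
interface GigabitEthernet1/0/1
 description access port - one end device
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
!
! Class 2 (the ~20%): uplink to a small developer switch carrying several
! devices. Port security is applied to the trunk with a larger, explicit
! ceiling (overall and per VLAN) instead of leaving the port unprotected;
! "restrict" drops frames from unknown MACs and logs/traps without
! err-disabling the whole desk.
interface GigabitEthernet1/0/24
 description trunk to developer desk switch
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20
 switchport port-security
 switchport port-security maximum 8
 switchport port-security maximum 4 vlan 10
 switchport port-security mac-address sticky
 switchport port-security violation restrict
!
! Once the sticky MACs have been learned, save them so they survive a reload:
!   copy running-config startup-config
! Verify learned addresses and violation counters:
!   show port-security interface GigabitEthernet1/0/1
!   show port-security address
```

Sticky addresses occupy the port's slot until removed, so a laptop moving between desks trips the violation on its new port, which is the hot-desk problem p.mcgowan raised.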