Port-Security vs Mac Access list

imfvieira
Level 1

We made a mac access-list to block a specific vendor:

mac access-list extended list1
deny vendorID 0000.00ff.ffff any
deny vendorID 0000.00ff.ffff any

permit any any

and applied on interfaces...

interface fa0/1

mac access-group list1 in

We also have a port-security enabled on this interface.

 

I was trying to simulate on Packet Tracer, but it doesn't support mac access-list.

My doubt is what will be checked first. Port-Security or Access-list.

If I block a MAC in a list, will it activate port-security, or will it be blocked first before generating the port violation?

Thanks.

1 Reply

Jose Solano
Level 4

Hi,

In this case, what is the port-security configuration that you have applied on the interface? I would say, for example, that if you have a port security maximum of 3, that will only trigger a violation in case another MAC address is received on the port once the 3 allowed are already there. That said, if you are blocking the MACs from that vendor, those will not get to be received on the port; therefore, the port-security will not be triggered.
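
An added example, not part of either post: a small Python evaluator for the source and destination matching in the `list1` ACL from the question, for checking offline which addresses the list would drop. It assumes the mask is a wildcard (set bits are ignored), first-match evaluation with an implicit deny at the end, and uses the constructed OUI `0200.5e00.0000` in place of `vendorID`.

```python
# Added example: offline evaluation of a Cisco-style MAC extended ACL.
# The OUI 0200.5e00.0000 is a constructed placeholder for the poster's "vendorID".

def mac_to_int(mac):
    """Convert dotted-hex (0000.00ff.ffff), colon or dash notation to a 48-bit integer."""
    digits = mac.replace(".", "").replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError("not a 48-bit MAC: %r" % mac)
    return int(digits, 16)

def parse_entry(line):
    """Parse '<permit|deny> <src> <dst>'; src/dst is 'any', 'host MAC' or 'MAC WILDCARD'."""
    tokens = line.split()
    action, rest = tokens[0], tokens[1:]
    fields = []
    while rest:
        if rest[0] == "any":
            fields.append((0, 0xFFFFFFFFFFFF)); rest = rest[1:]
        elif rest[0] == "host":
            fields.append((mac_to_int(rest[1]), 0)); rest = rest[2:]
        else:
            fields.append((mac_to_int(rest[0]), mac_to_int(rest[1]))); rest = rest[2:]
    if action not in ("permit", "deny") or len(fields) != 2:
        raise ValueError("unsupported entry: %r" % line)
    return action, fields[0], fields[1]

def field_matches(mac, field):
    addr, wildcard = field
    care = ~wildcard & 0xFFFFFFFFFFFF  # bits set in the wildcard are ignored
    return (mac & care) == (addr & care)

def evaluate(acl_lines, src, dst="ffff.ffff.ffff"):
    """Return the action of the first matching entry; implicit deny if none match."""
    s, d = mac_to_int(src), mac_to_int(dst)
    for line in acl_lines:
        action, src_f, dst_f = parse_entry(line)
        if field_matches(s, src_f) and field_matches(d, dst_f):
            return action
    return "deny"

LIST1 = [
    "deny 0200.5e00.0000 0000.00ff.ffff any",  # constructed OUI, wildcard on low 24 bits
    "permit any any",
]

if __name__ == "__main__":
    for mac in ("0200.5e12.3456", "02:00:5f:12:34:56"):  # constructed source MACs
        print(mac, evaluate(LIST1, mac))
```
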
