Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Question in mac-address sticky

Hi all,

just a quick question

assume i have two pcs , pc1 & pc2 connected to switchA

and switch A go to switch B by trunk.

there is pc3 on switch B.

 

topology as below :

 

pc1 ,pc2-----SWA--------SWB-----pc3

 

the question is.

if i want to allow only pc1 & pc2 devices to access pc3 by .

 

wt is the maximum mac address should be put on the SWA to restrict ?

2 or 3 ?

i mean under the interface command:

switchport port-security maximum 2

 

or

 

switchport port-security maximum 3

 

 

and why ?

regars

4 REPLIES
Bronze

You question is incomplete,

You question is incomplete, can you clarify what you are trying to achieve?

From what you are saying you are looking at the wrong solution, 'port security' restricts an interface to the devices that are specified, or learned, in the case of 'sticky'.

However, you want to prevent a host connecting to another? If so, there are various approaches to this.

Martin

 

Community Member

HIi ,here is wt i have

HIi ,

here is wt i have :

switchport mode trunk
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky 
 switchport port-security violation restrict

as i undertstand that i put max is 2 for the two pcs.

 

want to ask , if i made a telnet to the switch  SWA itself from pc3 , do i need to allow more than 2 macs in this case ?

Cisco Employee

 With this config, not more

 

With this config, not more than two PC can be connected to SW-A, but if requirement is to access PC3 then mac-acl can be applied on access port of PC3 to allow source mac of pc1 and pc2. With this more than two pc can be connected to SW-A but only pc1 and pc2 can access pc3. If requirement is to limit number of devices on SW-A access port to 2, then your config is correct (switchport port-security maximum 2).

 

Regards,

Akash

Cisco Employee

Ahmed,Switch port-security

Ahmed,

Switch port-security Maximum 2 ==.> Means that you can connect upto 2 machines only to this specific port.(Its connecting the pc to the port physically, & not incoming connection from outside world).

 

Here is what you need to do:

Switch2:

==========

For restricting the access to the PC3 either from its own switch or external you need to use the Access-list to filter the allowed and blocked mac/ip to this specific machine on switch 2.

 

HTH

Regards

Inayath

142
Views
0
Helpful
4
Replies
CreatePlease to create content