New Member

Router port and Switchport security

I have just realized that once you perform "no switchport" on a switch, you can no longer perform switchport security on a port.

I would like to have "no switchport" and yet be able to perform a "switchport security" so that I can limit the number of mac addresses connecting to that port.

Is there a way?

1 ACCEPTED SOLUTION

Hall of Fame Super Bronze

Re: Router port and Switchport security

No.

Those are the limitations you may face when doing L3 switchport. You lose switchport capabilities.

__

Edison.

10 REPLIES
Hall of Fame Super Bronze

Re: Router port and Switchport security

You can't perform switchport related commands - such as security - on a Layer 3 port.

If you need switchport security as part of the design, you must enable switchport features on the port (Layer 2 switchport) and assign this port to a VLAN. You can apply the IP address intended for this switchport under the Switch Virtual Interface (SVI) and it will behave the same as applying the IP under the switchport.

HTH,

__

Edison.
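
The design described in the reply above, sketched as an added example that is not part of the original post: the IP address moves from the routed port to an SVI, and the physical port becomes a Layer 2 access port so port security can limit the MAC count. The interface name, VLAN 101, the VLAN name and the 192.0.2.0/30 addressing are constructed values.

```cisco
! Before: routed port. Switchport commands, including port security,
! are not available in this mode.
interface GigabitEthernet1/0/1
 no switchport
 ip address 192.0.2.1 255.255.255.252
!
! After: a VLAN dedicated to this one port (constructed VLAN ID and name)
vlan 101
 name PORT-G1-0-1
!
! The SVI carries the IP address that was on the routed port
interface Vlan101
 ip address 192.0.2.1 255.255.255.252
 no shutdown
!
! The physical port returns to Layer 2 and gets port security
interface GigabitEthernet1/0/1
 switchport
 switchport mode access
 switchport access vlan 101
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation restrict
!
! Check the learned address count and the violation counter with:
!   show port-security interface GigabitEthernet1/0/1
```

With `violation restrict`, frames from MAC addresses beyond the limit are dropped and counted while the port stays up; the default mode, `shutdown`, err-disables the port instead.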

New Member

Re: Router port and Switchport security

Hi Edison,

I understand the way to do physical port security. So I'm asking if there's any other way?

Is 802.1x capable of achieving that on a routed port?

Hall of Fame Super Bronze

Re: Router port and Switchport security

You could implement security ACLs ..

dot1x is only available on L2 switchports.

New Member

Re: Router port and Switchport security

> You could implement security ACLs ..

What kind of security ACLs are you referring to? MAC filtering access-list?

> dot1x is only available on L2 switchports.

Thanks for answering.

Hall of Fame Super Bronze

Re: Router port and Switchport security

Yes, mac filtering acls.

New Member

Re: Router port and Switchport security

Hi Edison,

> Yes, mac filtering acls.

Thanks. Just wondering if there are any other means, cause I would most likely need to apply the ACLs to all 48 ports of my access switch ports. They have to be 48 different named ACLs.

Hall of Fame Super Bronze

Re: Router port and Switchport security

No.

Those are the limitations you may face when doing L3 switchport. You lose switchport capabilities.

__

Edison.

New Member

Re: Router port and Switchport security

Hi Edison,

I just realized that mac access-group is not supported on a routed port. The option is not available as soon as I did a "no switchport".

Is mac access-group the security ACL you are referring to?

Hall of Fame Super Bronze

Re: Router port and Switchport security

You are right, just realized that - my apologies.

I believe the only option is using the mac address-table static global command:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_44_se/command/reference/cli1.html#wp2789851

HTH,

__

Edison.

New Member

Re: Router port and Switchport security

Thanks Edison, I'll go check it out tomorrow when I get back to the office.

Cheers,

Alan
