I have just realized that once you perform "no switchport" on a switch, you can no longer perform switchport security on a port.
I would like to have "no switchport" and yet be able to perform a "switchport security" so that I can limit the number of mac addresses connecting to that port.
Is there a way?
You can't perform switchport-related commands - such as security - on a Layer 3 port.
If you need switchport security as part of the design, you must enable switchport features on the port (Layer 2 switchport) and assign this port to a VLAN. You can apply the IP address intended for this switchport under the Switch Virtual Interface (SVI), and it will behave the same as applying the IP under the switchport.
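The design described in the answer above, written out as an added example that is not part of the original thread. The interface name, VLAN 110, the 192.0.2.0/24 address, the limit of one MAC address and the `restrict` violation mode are assumptions chosen for illustration.

```cisco
! Assumption: "ip routing" is already enabled, since the port was
! previously used as a routed port.
!
! VLAN dedicated to this one access port (VLAN ID is an assumption).
vlan 110
 name PORT-GI1-0-1
!
! Return the port to Layer 2 so switchport commands are accepted again.
interface GigabitEthernet1/0/1
 switchport
 switchport mode access
 switchport access vlan 110
 ! Port security requires a static access (or trunk) port.
 switchport port-security
 ! Limit the number of MAC addresses learned on the port.
 switchport port-security maximum 1
 ! Drop frames from extra MACs and count/log the violation
 ! without err-disabling the port (assumed policy choice).
 switchport port-security violation restrict
!
! The IP address that used to sit on the routed port moves to the SVI.
interface Vlan110
 ip address 192.0.2.1 255.255.255.0
 no shutdown
!
! Verification:
!   show port-security interface GigabitEthernet1/0/1
!   show ip interface brief | include Vlan110
```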
I understand the way to do physical port security. So I'm asking if there's any other way?
Is 802.1x capable of achieving that on a routed port?
> You could implement security ACLs ..
What kind of security ACLs are you referring to? MAC filtering access-list?
> dot1x is only available on L2 switchports.
Thanks for answering.
> Yes, mac filtering acls.
Thanks. Just wondering if there are any other means, because I would most likely need to apply the ACLs to all 48 ports of my access switch. They have to be 48 different named ACLs.
I just realized that mac access-group is not supported on a routed port. The option is not available as soon as I did a "no switchport".
Is mac access-group the security ACL you are referring to?
You are right, just realized that - my apologies.
I believe the only option is using the mac address-table static global command: