Re: Securing several switch ports for a range of mac addresses?

CSCO10576352 · ‎08-16-2007

Is it possible using port securtiy on a cisco 2950 to limit a range of ports to only all connectivity to 10 set mac addressess. What I am aiming to do is to allow ten users access independent of what cat port they connect to. At present when I try this the switch detects an error when the same mac addresses are specified on more than one port?

Pavel Bykov · ‎08-16-2007

For 10 mac addresses use the following commands:

switchport port-security maximum 10

switchport port-security mac-address MAC1

switchport port-security mac-address MAC2

.

switchport port-security mac-address MAC10

For more information refer to the command options:

http://www.cisco.com/en/US/customer/docs/switches/lan/catalyst4500/12.2/31sga/command/reference/snmp_vtp.html#wp1210569

Hope this helps.

Please rate all helpful posts.

CSCO10576352 · ‎08-16-2007

Hi, thanks for the reply. I had tried to configure the ports as you suggest however the issue is for example if I configure interface fa0/1 for the following secure mac addresses :

interface fa0/1

switchport port-security maximum 2

switchport port-security mac-address aaaa.aaaa.aaaa

switchport port-security mac-address bbbb.bbbb.bbbb

This works fine, however when I then issue the same configuration under interface fa0/2 and enter the same macs (the idea being that users can connect into either port) the switch throws an error to say duplicate mac addresses sourced and wont take the commands.

I guess this may not be possible to confgiure, I know dot1x would be the solution but i dont have the resources to implement this.