Cisco Support Community
New Member

Catalyst 3550 and Mac Address

Hello experts,

I am French (so please excuse my bad English).

I want to secure my network (a new one) by learning some MAC addresses. That is, I do nothing for 2 or 3 days, and then all the MAC addresses not in the MAC address table ("show mac address table") have to be rejected. Is there a solution to this problem?

Please help me.

My second problem: does software exist that can distribute a configuration to several switches? For example, CiscoWorks 2000?

Thanks in advance.

Best Regards,

Guillaume RENARD

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: Catalyst 3550 and Mac Address

Hi!

If you want to secure your switch by learning and later blocking MAC addresses, you can do something like this:

To activate security on a switchport:

"switchport port-security" This will lock on the first MAC address it learns on the port.

"switchport port-security mac-address sticky" will learn all addresses and add them to the config file.

"switchport port-security maximum 10" learn dynamically up to 10 addresses.

You can configure the maximum number of addresses that the port will learn, and add or delete addresses manually with simple commands: clear switchport port-security... or switchport port-security mac-address .

Check with "?" after the interface command "switchport port-security ?" for things like aging etc.

To distribute config files:

Depends on what you're after... here are some ways:

To load a default config file from a BOOTP/TFTP server for a non-configured switch: by default, out of the box and powered up, the switch "shouts" with broadcasts for sample files. You will need a DHCP+TFTP/BOOTP server and then point out the config file.

Use a simple tool, for example kiwi.com, to push a new command line to all switches.

CiscoWorks works for this purpose, or you could use SNMP, tweak Perl or other homegrown scripts.
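
An added example, not part of the original thread and not Cisco tooling: a small Python script, in the spirit of the "homegrown scripts" mentioned above, that reads a saved running-config and reports which access ports can still learn new MAC addresses once the learning window is over. The config excerpt and MAC addresses are constructed, and the script assumes sticky entries are saved as "switchport port-security mac-address sticky <mac>" lines.

```python
import re

# Constructed running-config excerpt (sample data, not from the thread).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 10
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0000.5e00.5301
 switchport port-security mac-address sticky 0000.5e00.5302
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0000.5e00.5303
!
interface FastEthernet0/3
 switchport mode access
!
"""

MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
STICKY = re.compile(r"switchport port-security mac-address sticky " + MAC, re.I)
LIMIT = re.compile(r"switchport port-security maximum (\d+)")

def audit(config):
    """Map each access port to (status, learned_count, maximum)."""
    findings = {}
    for block in re.split(r"^interface\s+", config, flags=re.M)[1:]:
        name, *lines = [line.strip() for line in block.splitlines()]
        if "switchport mode access" not in lines:
            continue  # this sketch only audits static access ports
        if "switchport port-security" not in lines:
            findings[name] = ("unprotected", 0, 0)
            continue
        limit = 1  # default maximum; not written out in the config
        for line in lines:
            m = LIMIT.fullmatch(line)
            if m:
                limit = int(m.group(1))
        learned = sum(1 for line in lines if STICKY.fullmatch(line))
        # "open": the port will still accept (maximum - learned) new MACs.
        status = "open" if learned < limit else "locked"
        findings[name] = (status, learned, limit)
    return findings

if __name__ == "__main__":
    for port, result in audit(SAMPLE_CONFIG).items():
        print(port, *result)
```

A port reported as open can be closed after the learning period by setting its maximum to the number of addresses it has learned.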

2 REPLIES
New Member

Re: Catalyst 3550 and Mac Address

Thanks very much !!!
