Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6688
Views
0
Helpful
6
Replies

MAC lock on Switch

admin_2
Level 3
Level 3

‎03-15-2004 06:01 PM - edited ‎03-02-2019 02:18 PM

What is the best way to fix an IP address to a switch port? So unless changed manualy only that IP will be able to send traffic through that port.

Thanks

Labels:
0 Helpful
6 Replies 6

emulder5
Level 1
Level 1

‎03-16-2004 09:51 AM

The port security feature will lock the port down by MAC address. This won't prevent a change in IP address on the device but will prevent a new NIC connection (or MAC address change) on that port.

Check syntax for your IOS/CatOS version.

eg # set port security

or # switchport port-security

Hope that helps.

-Mulder

0 Helpful

Not applicable
In response to emulder5

‎03-16-2004 02:29 PM

thanks, I'll try it and will let you know how it worked.

0 Helpful

milan.kulik
Level 10
Level 10
In response to emulder5

‎03-17-2004 01:46 AM

You might also try to use

arp ip-address hardware-address type [alias] (http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/ipras_r/ip1_a1g.htm#1079866)

command in your router config.

This might prevent a traffic from a different MAC send data through the router with the same IP address.

(But I've not tested if it really works.)

Regards,

Milan

0 Helpful

Not applicable
In response to milan.kulik

‎03-22-2004 12:17 PM

Ok, it worked realy nice but because we have 4 switches after enabeling "switchport" I couldn't access the other switches, they wouldn't respond to pings either. I looked into commands such as "switchport mode access" and "switchport access dynamic" etc. and nothing. If I have multiple switches on the network do I maybe have to make'em all "switchport". I have no VLANs exept for the default VLAN1 and here is my config for each port they are all the same:

interface FastEthernet0/1

switchport mode access

switchport port-security

switchport port-security maximum 1

switchport port-security violation shutdown

no ip address

0 Helpful

kelly-john
Level 1
Level 1
In response to

‎03-22-2004 03:22 PM

Just to check, if you have that config on your switch uplink port (i.e. the port that links one switch to another) then as soon as that port sees more than one MAC address it will shut down (this is what the commands

switchport port-security maximum 1

switchport port-security violation shutdown

do. Ideally you need to take the config you posted OFF your uplink ports.

0 Helpful

Not applicable
In response to kelly-john

‎03-23-2004 05:37 PM

ok, I'll try.

Thanks again

0 Helpful
Customers Also Viewed These Support Documents