
MAC security on a 3548XL workgroup switch

ryandouglas
Level 1

We have a printer connected to a 3548XL workgroup switch which I want to be contactable by only 2 MAC addresses (i.e. two different hosts, both connected to the same aforementioned switch). Currently any computer on the network can print to this printer, which is not ideal.

What are my options, without having to create a VLAN to 'secure' this host? Does this actual switch (3548XL-EN IOS ver 12.0(5) WC3) facilitate MAC security/port security in my context? Can it do MAC table restricted static entries?

Any help greatly appreciated.

TIA Ryan

3 Replies

dvlewis
Level 1

You can use the port security feature. Set the max MAC addresses for the port to 2. The first two MAC addresses it learns will be the only ones that can access that interface. The port can be set to shut down or deny access upon a violation. If the switch resets, the MAC addresses for the interface will be cleared. To avoid this you could probably statically define them for the interface.

The two MAC addresses will not be able to connect on any other interface in that VLAN.

Hope this helps some.

Don Lewis

UM-St. Louis

7rbowenii
Level 3

Port security is only going to restrict what is connected to the actual physical port. You should be able to apply a Layer-2 ACL that only allows traffic to/from the required MACs.

Yes, you will apply the "mac-address-table static" command:

i.e.:

mac-address-table static 00-2f-2d-02-19-f0 f0/1 f0/2 f0/24 vlan 1

where

00-2f-2d-02-19-f0: is the MAC address with permission to connect to the destination.

f0/1: Port where the MAC address 00-2f-2d-02-19-f0 is attached.

f0/2 and f0/24: are the possible ports to arrive at with this MAC address. On any other port in the switch that does not figure in the command, this MAC address will not arrive.

The vlan #vlan parameter is optional.

I hope this helps you.

Good luck.

Rodrigo
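
Added example, not from any poster in this thread: a small Python model of the two suggestions above (port security and the restricted static entry), using the behaviour as the replies describe it rather than behaviour verified on a 3548XL. Treating the MAC in the command as the printer's on f0/1, the host MACs, and all class and function names are assumptions constructed for the illustration.

```python
from dataclasses import dataclass, field

PRINTER = "00-2f-2d-02-19-f0"   # MAC from the command above, assumed to be the printer
HOST_A = "00-00-5e-00-53-0a"    # constructed sample MACs
HOST_B = "00-00-5e-00-53-0b"
ROGUE = "00-00-5e-00-53-ff"


@dataclass
class Switch:
    # destination MAC -> (port it is attached to, ports allowed to reach it)
    static: dict = field(default_factory=dict)
    # port -> set of permitted source MACs; a port with no entry is unrestricted
    secure: dict = field(default_factory=dict)

    def forward(self, in_port, src_mac, dst_mac):
        """Return the egress port, 'flood', or None if the frame is dropped."""
        permitted = self.secure.get(in_port)
        if permitted is not None and src_mac not in permitted:
            return None                      # port security violation
        entry = self.static.get(dst_mac)
        if entry is None:
            return "flood"                   # no static entry for this destination
        attached, reachable_from = entry
        # Assumed from the reply: ports not listed cannot reach this MAC.
        return attached if in_port in reachable_from else None


def static_only():
    """Only the restricted static entry for the printer is configured."""
    return Switch(static={PRINTER: ("f0/1", {"f0/2", "f0/24"})})


def static_plus_port_security():
    """Static entry plus port security pinning one host MAC per host port."""
    sw = static_only()
    sw.secure = {"f0/2": {HOST_A}, "f0/24": {HOST_B}}
    return sw


if __name__ == "__main__":
    for name, sw in (("static only", static_only()),
                     ("static + port security", static_plus_port_security())):
        print(name)
        print("  host A on f0/2 ->", sw.forward("f0/2", HOST_A, PRINTER))
        print("  rogue on f0/5  ->", sw.forward("f0/5", ROGUE, PRINTER))
        print("  rogue on f0/2  ->", sw.forward("f0/2", ROGUE, PRINTER))
```

Under these assumptions the static entry alone filters by ingress port, so a different machine plugged into f0/2 still reaches the printer; adding port security on the two host ports ties the restriction to the two MAC addresses.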
