
Port Security Setting to block Rogue Wireless Access Point Installation

j.t.faust
Level 1

Can one use port security (limit the learned MACs) on a Cat 3500/3550/4000 to stop users from connecting a wireless access point?

If yes, will the first client on the access point be blocked? What is the command syntax?

Ted

4 Replies

t.baranski
Level 4

Port security can be used to stop users from connecting pretty much anything. You explicitly permit source MAC addresses that are permitted on a given port and any others are denied.

The syntax varies greatly depending on switch model and OS version. See the documentation: http://www.cisco.com/en/US/products/hw/switches/index.html

Using Port Security you can also limit the number of MACs learned on each port, i.e. set the value low to prevent connection of a hub/switch to a user's host port.

badamson
Level 1

This depends on whether the access point in question has a MAC address that is entered in the CAM table. If it does, then obviously the first client will end up causing the port to be disabled. If it doesn't, then the second client will (assuming that you are configured for only a single MAC address).

Keep in mind that by enabling port security you are potentially increasing the amount of administration you have to do. You can also look at using bpduguard to accomplish this same thing, since this will shut down a port in portfast mode if a BPDU is received on it.

We typically disable portfast on the 10/100 ports that our access points connect to. Doesn't portfast need to be enabled in order for bpdu-guard to work?
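A minimal Catalyst 3550 (Cisco IOS) interface configuration combining the two controls discussed in the replies above, as an added example that is not part of the original thread. The interface name is a placeholder, and the exact syntax depends on the software release and differs on the 3500XL and on CatOS-based Catalyst 4000 switches.

```text
! Added example for a Catalyst 3550 running Cisco IOS.
! FastEthernet0/1 is a placeholder for a user-facing access port.
interface FastEthernet0/1
 ! Port security is only accepted on a static access port.
 switchport mode access
 ! Enable port security and allow a single learned source MAC address.
 switchport port-security
 switchport port-security maximum 1
 ! Put the port into errdisable when a second source MAC is seen.
 switchport port-security violation shutdown
 ! Interface-level BPDU guard: errdisable the port if a BPDU arrives.
 ! In this per-interface form it does not depend on PortFast being enabled.
 spanning-tree bpduguard enable
!
! Check the secure MAC count, violation count and port status:
!   show port-security interface FastEthernet0/1
! A port shut down by either feature stays down until it is re-enabled
! with "shutdown" followed by "no shutdown" on the interface.
```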
