I have a 4500 switch and I'd like to enable port security on all workstation ports. Ideally, I'd like to have the MAC address dynamically learned and not have to do it by statically configuring MAC addresses on each interface. Is this possible? I pretty much accepted the defaults for port-security configs. I tried experimenting with the aging timers, but still couldn't get it to work. All I see is that the MAC address for the port changes and no security is enforced. I've checked the links on Cisco's site for cat4500 port security and don't see any relevant information. Thanks - Rich
That's how I have the switch configured. Instead of shutting down the port when it sees a new MAC address, it just learns the new MAC address. I can see the MAC address change by issuing 'sh port-sec int f2/1'. Only when I statically configure a MAC address for the port does it shutdown when it sees a new MAC address..
I wonder if it's a problem with the version of code I'm running: 12.1(19)EW1
"Sticky secure MAC addressesThese can be dynamically learned or manually configured, stored in the address table, and added to the running configuration. If these addresses are saved in the configuration file, the interface does not need to dynamically relearn them when the switch restarts. Although sticky secure addresses can be manually configured, we do not recommend it."
Thanks for the reply.. I saw that info in an old post relating to port security and tried it on the 4500 - no luck! The 'sticky' parameter isn't supported on that platform I suppose. I found some port security bugs, but none similar to what I'm seeing. Thanks again.. Rich
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...
I am going to design and build an LAN network under a tunnel underground with long distance between the switches.
I will have 2 Catalyst switches and 8 Industrial IE3000, and they will be connected with fiber.
For now I am planning on use Layer-2 s...