Port Security remote user issues.

chrisdaniels
Level 1

We are currently using 3560 switches in our branches. We are in the process of implementing port-security on all these switches. In our testing we have been using sticky. The issue has come up with our remote users that travel from branch to branch with their laptops. They usually unplug the PC in an office from the IP phone and hook up their laptop. How can we allow that to happen without causing a violation on the interface? I am looking into MAC ACL but not sure it will work with sticky. I am fine changing to dynamic if it will work that way.

2 Replies

sam mackenzie
Level 1

Port security isn't that great for mobile workers; although you could manually write in a certain number of MAC addresses, it becomes difficult to manage and it would be better to do this centrally.

It might be worth looking at dot1x instead of (or as well as) port security depending on your setup and requirements.

This page is pretty useful if you're interested.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_52_se/configuration/guide/sw8021x.html

Hope this helps a little.

802.1x is probably the best solution if possible to implement. Port-Security can also work if you lower the security slightly. You could allow one more MAC-address on the Data-vlan and additionally configure a timeout on the learned entries instead of using sticky.


Sent from Cisco Technical Support iPad App
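
The suggestion in the last reply (one extra MAC address on the data VLAN, aged out on a timer instead of sticky) written out as an interface configuration. This is an added example, not part of the original thread; the interface name, VLAN IDs, 5-minute timer and `restrict` violation mode are assumptions to adapt to the branch.

```cisco
! Added example, not from the thread. Assumed values: Fa0/5, data VLAN 10,
! voice VLAN 20, 5-minute inactivity timer, violation mode "restrict".
!
! BEFORE (sticky): the first PC's MAC is written into the running config,
! so a visiting laptop plugged in behind the phone triggers a violation.
!
!   interface FastEthernet0/5
!    switchport port-security
!    switchport port-security mac-address sticky
!
! AFTER (dynamic learning with aging, one spare address on the data VLAN):
!
interface FastEthernet0/5
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
 ! Stop converting learned addresses to sticky entries
 no switchport port-security mac-address sticky
 ! Port-wide ceiling: 1 phone + 2 data devices
 switchport port-security maximum 3
 ! Resident PC plus one visiting laptop on the data VLAN
 switchport port-security maximum 2 vlan access
 ! The IP phone itself on the voice VLAN
 switchport port-security maximum 1 vlan voice
 ! Forget a learned address after 5 minutes without traffic, so the
 ! unplugged PC stops occupying a slot
 switchport port-security aging time 5
 switchport port-security aging type inactivity
 ! Drop and log frames from excess addresses instead of err-disabling
 ! the port (assumed choice; "shutdown" is the default)
 switchport port-security violation restrict
 switchport port-security
!
! Sticky addresses learned earlier stay in the running config until
! cleared (run from privileged EXEC, not config mode):
!   clear port-security sticky interface FastEthernet0/5
!
! Check the result:
!   show port-security interface FastEthernet0/5
!   show port-security address
```

With this in place the port only limits how many devices sit behind the phone, not which ones, which is the lowered security the reply refers to; 802.1X is what restores a check on who is connecting.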