Cisco Support Community
Community Member

Port Security remote user issues.

We are currently using 3560 switches in our branches. We are in the process of implementing port-security on all these switches. In our testing we have been using sticky. The issue has come up with our remote users that travel from branch to branch with their laptops. They usually unplug the PC in an office from the IP phone and hook up there laptop. How can we allow that to happen without causing a violation on the interface? I am looking into MAC ACL but not sure it will work with sticky. I am fine changing to dynamic if it will work that way.

Community Member

Port Security remote user issues.

Port security isn't that great for mobile workers; although you could write in manually a certain amount of mac addresses it becomes difficult to manage and would be better to do this centrally.

It might be worth looking at dot1x instead of (or as well as) port security depending on your setup and requirements.

This page is pretty useful if you're interested.

Hope this helps a little.

VIP Purple

Re: Port Security remote user issues.

802.1x is probably the best solution if possible to implement. Port-Security can also work if you lower the security slightly. You could allow one more MAC-address on the Data-vlan and additionally configure a timeout on the learned entries instead of using sticky.

Sent from Cisco Technical Support iPad App

CreatePlease to create content