Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
897
Views
0
Helpful
4
Replies

How to Limit Connections to Computers with Specified MAC addresses

lssprowls
Level 1
Level 1

‎01-23-2014 03:49 PM

By default the SG300-52P switch (300 Series Managed Switch) creates a Dynamic Address for any computer attached to it. I would like the switch to accept connections only from devices whose MAC address are "registered" in the device. I see that it is possible to create "Reserved MAC Addresses" and also to create "MAC-Based VLAN Groups". Should I use one of these features? How do I prevent the switch from creating dynamic addresses.

I read that it is possible to assign MAC addresses to ports. I'd prefer to allow computers with a valid MAC addresses to attach to any port. That way, I don't have to reconfigure the switch if a user connects his computer to a different port.

Labels:
0 Helpful
4 Replies 4

Tom Watts
VIP Alumni
VIP Alumni

‎01-24-2014 08:51 AM

Hi Lawrence, try this

https://supportforums.cisco.com/docs/DOC-27720

https://supportforums.cisco.com/docs/DOC-27753

Please let me know if this is not what you want. In the case this is not satisfactory, you need to look in to DYNAMIC ARP INSPECTION but that maps IP to MAC but can be regardless of port.

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/
0 Helpful

lssprowls
Level 1
Level 1
In response to Tom Watts

‎01-24-2014 01:13 PM

I would prefer to allow a computer with a valid MAC address to be able to connect to any port, not just a specific port. Otherwise, for example, an employee cannot simply move his laptop from the port at his desk to a port in a conference room.

0 Helpful

mpyhala
Level 7
Level 7

‎01-24-2014 09:32 AM

Lawrence,

You may find this helpful as well:

http://sbkb.cisco.com/CiscoSB/Loginr.aspx?login=1&pid=2&app=search&vw=1&articleid=1863

- Marty

0 Helpful

lssprowls
Level 1
Level 1
In response to mpyhala

‎01-24-2014 01:24 PM

Suppose I configure VLAN1 for a set of MAC addresses. Nothing would prevent the switch from accepting additional, dynamic connections to VLAN1, right? So in order to make this work, I'd have to create, say, VLAN2 with my valid MAC addresses and have the switch accept dynamic connections into VLAN1 which would be configured as a "dummy" VLAN with no connections to servers and the firewall, right?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Switch products supported in this community
Cisco Business Product Family
  • CBS110
  • CBS220
  • CBS250
  • CBS350
Cisco Switching Product Family
  • 110
  • 200
  • 220
  • 250
  • 300
  • 350
  • 350X
  • 550X
Customers Also Viewed These Support Documents