Cisco Support Community

port security action on 3750 - requesting new feature maybe :)

Hi, I was wondering if there is a workaround to have a MAC access-list bound to a port security violation action.

Our need is the following: we have a range of 10 MAC addresses that can use any port on the 3750. We only want to allow those ones, yet we also need to take action if a denied MAC appears on any port of the switch.

The only workaround I found is to basically go into a port-range mode and list all the allowed MAC addresses under all the ports of the switch. I would also add to that a port violation action. Did not test it but it should work. Problem is, it would be a huge config.

I did read that we can create a MAC access list and then bind that MAC list to physical ports, which will actually simplify our solution, yet I did not find a way to bind the MAC list with a port violation action.

Thanks for the feedback

1 REPLY

As you said, you can do this by using port-security with the default action shutdown, by allowing the specific 10 mac-addresses per port, or, if shutting the port is not necessary, then by simply using a VLAN filter by calling vlan access-maps, which will allow only those 10 mac addresses to communicate on that VLAN and silently drop other hosts.

Thanks,

Nandan Mathure
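
The VLAN access-map option from the reply above, written out as an added example (not configuration posted by either participant). The ACL name, the map name, the ten MAC addresses and VLAN 10 are constructed placeholders. As the reply says, this variant drops silently, so it does not give the violation action the question asks for.

```cisco
! Constructed example: names, MAC addresses and VLAN 10 are placeholders.
!
! 1. One named MAC ACL holding the ten allowed source addresses.
mac access-list extended ALLOWED-MACS
 permit host 0000.5e00.5301 any
 permit host 0000.5e00.5302 any
 permit host 0000.5e00.5303 any
 permit host 0000.5e00.5304 any
 permit host 0000.5e00.5305 any
 permit host 0000.5e00.5306 any
 permit host 0000.5e00.5307 any
 permit host 0000.5e00.5308 any
 permit host 0000.5e00.5309 any
 permit host 0000.5e00.530a any
!
! 2. VLAN map: frames matching the ACL are forwarded. Because the map
!    has a MAC match clause, MAC-type frames that match no entry are
!    dropped by default, with no log entry and no port shutdown.
vlan access-map ALLOWED-ONLY 10
 match mac address ALLOWED-MACS
 action forward
!
! 3. Apply the map once to the VLAN instead of listing addresses
!    under every interface.
vlan filter ALLOWED-ONLY vlan-list 10
!
! Caveat: on the Catalyst 3750, MAC VLAN maps are evaluated for
! non-IP frames only; IP traffic is not access-controlled by them.
! Test against the traffic you actually need to filter.
!
! Verify with:
!  show vlan access-map ALLOWED-ONLY
!  show vlan filter
```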
