https://community.cisco.com/t5/network-security/port-security/m-p/5081069#M1111750 <P>Port-security is not a good solution for what you / your CTO wants to do,&nbsp; I would suggest looking into using ISE and 802.1x.&nbsp; A much better and scaleable solution.</P> Sun, 28 Apr 2024 12:55:15 GMT Marius Gunnerud 2024-04-28T12:55:15Z https://community.cisco.com/t5/network-security/port-security/m-p/5080311#M1111716 <P>Dears&nbsp;</P><P>our CTO wants the whole company mac address to be added in a port security so that nobody outside the company&nbsp;can access our network, is there any alternative solution for adding all the mac addresses manually.</P> Sat, 27 Apr 2024 11:19:00 GMT https://community.cisco.com/t5/network-security/port-security/m-p/5080311#M1111716 mohammedalrawiib 2024-04-27T11:19:00Z https://community.cisco.com/t5/network-security/port-security/m-p/5080314#M1111717 <P>the solution is MAB&nbsp;</P> <P>adding MAC is not prevent other MAC from ADD<BR />adding MAC in port security will force only these MAC to use specific port</P> <P>solution is MAB if the MAC not found in radius the access is deny&nbsp;</P> <P>MHM&nbsp;</P> Sat, 27 Apr 2024 11:24:20 GMT https://community.cisco.com/t5/network-security/port-security/m-p/5080314#M1111717 MHM Cisco World 2024-04-27T11:24:20Z https://community.cisco.com/t5/network-security/port-security/m-p/5080317#M1111719 <P>Randomize MAC address is going to wreck that plan.</P> Sat, 27 Apr 2024 11:39:48 GMT https://community.cisco.com/t5/network-security/port-security/m-p/5080317#M1111719 Leo Laohoo 2024-04-27T11:39:48Z https://community.cisco.com/t5/network-security/port-security/m-p/5080318#M1111720 <P>There&nbsp; command to disable MAC learn under vlan' but I never test before' I will try it in my lab abd update you.</P> <P>Thanks&nbsp;</P> <P>MHM</P> Sat, 27 Apr 2024 11:42:10 GMT https://community.cisco.com/t5/network-security/port-security/m-p/5080318#M1111720 MHM Cisco World 2024-04-27T11:42:10Z https://community.cisco.com/t5/network-security/port-security/m-p/5080321#M1111722 <P>I would really appreciate it&nbsp;</P><P>waiting for your feedback</P> Sat, 27 Apr 2024 11:59:35 GMT https://community.cisco.com/t5/network-security/port-security/m-p/5080321#M1111722 mohammedalrawiib 2024-04-27T11:59:35Z https://community.cisco.com/t5/network-security/port-security/m-p/5080960#M1111745 <P>Network access control (NAC) is the general term for such measures. Cisco's product that does this is Identity Services Engine (ISE).</P> Sun, 28 Apr 2024 09:36:54 GMT https://community.cisco.com/t5/network-security/port-security/m-p/5080960#M1111745 Marvin Rhoads 2024-04-28T09:36:54Z https://community.cisco.com/t5/network-security/port-security/m-p/5081069#M1111750 <P>Port-security is not a good solution for what you / your CTO wants to do,&nbsp; I would suggest looking into using ISE and 802.1x.&nbsp; A much better and scaleable solution.</P> Sun, 28 Apr 2024 12:55:15 GMT https://community.cisco.com/t5/network-security/port-security/m-p/5081069#M1111750 Marius Gunnerud 2024-04-28T12:55:15Z https://community.cisco.com/t5/network-security/port-security/m-p/5095123#M1112265 <P>Thank you&nbsp;</P> Thu, 09 May 2024 08:51:41 GMT https://community.cisco.com/t5/network-security/port-security/m-p/5095123#M1112265 mohammedalrawiib 2024-05-09T08:51:41Z