gnazer
Beginner

Allowing a desktop just to specific switch port

Hello, I was wondering if there is a way to allow a specific desktop (MAC) just on a specific port. Port Security did not work, if you change the desktop and not connect anything in the port with port security. Static MAC address did not work either.

Suggestions?

7 REPLIES
jonatrod
Rising star

Good morning

Thanks for using our forum

Hi gnazer, my name is Johnnatan and I am part of the Small Business Support community. It would be very useful if you told us your switch model; that way we could give you better help. For now, what I can say is that you probably misconfigured port-security. Let me share some information about it:

http://www6.nohold.net/CiscoSB/Loginr.aspx?login=1&pid=4&app=search&vw=1&articleid=85

And yes, there's another way to authenticate users, using a RADIUS server and the 802.1X Port Authentication protocol.

http://www6.nohold.net/CiscoSB/Loginr.aspx?login=1&pid=4&app=search&vw=1&articleid=988 

I hope you find this answer useful, if it was satisfactory  for you, please mark the question as Answered.

Please rate post you consider useful.

Greetings,

Johnnatan Rodriguez Miranda.

Cisco network support engineer.

Cisco has a very useful tool called GuideMe. It is made for small business products, and your device is in this category. You can use this address for accessing the tool: http://sbkb.cisco.com/CiscoSB/Loginr.aspx?alt1 = & pid = 4 & eroute = Super, is very easy to use, just complete the 3 spaces in this way:

Select a category: (Select the device type on request), e.g. Routers

Enter model: (Type the model on request), e.g. RV042

Question: (Type what  you want to know  about the device), e.g. VPN

And it'll be showing all the information you need about what you wrote.

“Please rate useful posts so other users can benefit from it” Greetings, Johnnatan Rodriguez Miranda. Cisco Network Support Engineer.

Thanks Jonathan, sorry I forgot to mention the switch model; they are Catalyst 3750.

Hi gnazer

Did you enable the port security feature with “switchport port-security”? By the way, your interface configuration has to look more or less like this.

Int GIx/x
  switchport mode access                         --> Configures the port as an access switchport
  switchport access vlan (#)                     --> Number of the port VLAN
  switchport port-security                       --> Enables port security
  switchport port-security mac-address sticky    --> Maps the MAC address dynamically
  switchport port-security maximum {#}           --> Limits the number of hosts per port
  switchport port-security violation {protect | restrict | shutdown | shutdown vlan}    --> Action at the port in case of an attempted violation

“Please rate useful posts so other users can benefit from it” Greetings, Johnnatan Rodriguez Miranda. Cisco Network Support Engineer.

Thanks again Jonathan. I had considered the options that you have suggested, but I should configure all switch ports in this way, right? With all the implications regarding the administrative work.

I want the workstation with MAC A to work successfully just in port 1 (no other port).

If I configure JUST port 1 in this way, just the Workstation with the mac A could be connected in port 1.

If I connect Workstation Mac B in port 1 a violation will occur

If I connect Workstation A in port 2, connection will be successful (this is what I want to prevent)

Hi gnazer

What I recommend is to statically assign each port the MAC address of its respective computer, and turn off all unused ports. Let's say you have a switch with four ports and three computers, and you want each computer to be able to access one specific port.

Port 1 →  Computer A

Port 2 →  Computer B

Port 3 →  Computer C

Port 4 →  Not in use

An example configuration could be this one.

interface FastEthernet0/1
  switchport access vlan 10
  switchport mode access
  switchport port-security
  switchport port-security violation restrict
  switchport port-security mac-address AAAA.AAAA.AAAA

interface FastEthernet0/2
  switchport access vlan 10
  switchport mode access
  switchport port-security
  switchport port-security violation restrict
  switchport port-security mac-address BBBB.BBBB.BBBB

interface FastEthernet0/3
  switchport access vlan 10
  switchport mode access
  switchport port-security
  switchport port-security violation restrict
  switchport port-security mac-address CCCC.CCCC.CCCC

interface FastEthernet0/4
  switchport access vlan 10
  switchport mode access
  shutdown

“Please rate useful posts so other users can benefit from it” Greetings, Johnnatan Rodriguez Miranda. Cisco Network Support Engineer.
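
An added example, not part of the original posts and not Cisco tooling: a small Python check for the concern raised earlier in the thread, that Workstation A still connects on any port left without port security. It scans a saved running-config for ports that are neither shut down nor pinned to a MAC address; the sample config and the `audit` function name are constructed for illustration.

```python
import re

# Constructed sample in running-config layout: port 1 pinned as in the thread,
# port 2 left open, port 3 secured but with no MAC recorded, port 4 shut down.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security violation restrict
 switchport port-security mac-address aaaa.aaaa.aaaa
!
interface FastEthernet0/2
 switchport mode access
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security
!
interface FastEthernet0/4
 switchport mode access
 shutdown
"""

# Matches a static or sticky-learned secure MAC line, not the bare "sticky" enable line.
MAC_RE = re.compile(
    r"switchport port-security mac-address (?:sticky )?[0-9a-f]{4}(?:\.[0-9a-f]{4}){2}", re.I)

def audit(config):
    """Return {interface: finding} for ports that are neither pinned nor shut down."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or any global line ends the stanza
    findings = {}
    for name, lines in stanzas.items():
        if "shutdown" in lines:
            continue  # administratively down: nothing can connect here
        if "switchport port-security" not in lines:
            findings[name] = "open: port-security not enabled"
        elif not any(MAC_RE.match(entry) for entry in lines):
            findings[name] = "unpinned: port-security on, no MAC recorded"
    return findings

if __name__ == "__main__":
    for port, finding in audit(SAMPLE_CONFIG).items():
        print(port, finding)
```

On the sample it reports FastEthernet0/2 as open and FastEthernet0/3 as unpinned; those are the ports where a moved workstation would still be accepted.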

Cisco ACS  or preferably Cisco ISE would be a better way to centrally manage this and also generate reporting in compliance and non-compliance.


I hope you find this information useful, if it was satisfactory for you, please mark the question as Answered. Please rate post you consider useful. -James
jurodri3
Beginner

Hello Gnazer,

Thank you for posting. Unfortunately, the Cisco Support community is dedicated to Small Business products.

In order to get an accurate and quick answer regarding our Enterprise devices, you can post under the Enterprise support forum or contact our support line at 1-800-553-6387.

Diego Rodriguez

Cisco network engineer

Thank you.
