
Cisco Catalyst 1300 - 802.1X Auth and limit Ports to 1 device?

bm231
Level 1

Hi there,

I'm new to Cisco. We're configuring some Catalyst 1300 switches and I'm trying to figure out how I can limit ports to 1 device (MAC address). I'm using C1300-48T-4X with the actual firmware 4.1.6.54 in this case.

I've already successfully set up 802.1X RADIUS authentication with dynamic VLAN (Microsoft NPS). When I try to configure Port Security on one port and set it to

bm231_0-1744643129081.png

I'm getting an error:

802.1x Port Control Mode prevents executing Lock port Dynamic Enable.

bm231_1-1744643178699.png

Is it not possible to use 802.1X and the dynamic lock?

We want to achieve that no user is able to connect a physical switch to a port and connect further devices. Or, for example, that a VM in Hyper-V/VMware Workstation can be used in "bridge" mode to the local network.

Thanks in advance,

Bastian

2 Replies

marce1000
Hall of Fame

 

  - I presume this leads to a race condition w.r.t. learning MAC addresses and the 802.1X enforcement on the port (even when set to one only). Can you use Classic Lock instead?

  M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

Can you elaborate more?

But let me point out that 802.1X does not work well with port security.

And for one device per port using 802.1X you need to use host mode single-host.

MHM
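
The following is an added example, not part of the thread or of Cisco's tooling: a small Python audit of a saved running-config that lists 802.1X-controlled ports not set to single-host mode, the setting the reply above recommends. It assumes the `dot1x port-control auto` and `dot1x host-mode` command syntax of Cisco's small-business CLI, indented interface sub-commands, and that a port with no host-mode line runs in multi-host mode; the sample config is constructed.

```python
import re

# Constructed sample running-config, not taken from the thread.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 dot1x host-mode single-host
 dot1x port-control auto
!
interface GigabitEthernet1/0/2
 dot1x port-control auto
!
interface GigabitEthernet1/0/3
 dot1x host-mode multi-sessions
 dot1x port-control auto
!
"""
ASSUMED_DEFAULT = "multi-host"  # assumption: mode when no host-mode line is shown


def parse_interfaces(config):
    """Return {interface name: [stripped sub-commands]}."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)$", line, re.IGNORECASE)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line == "!" or not raw[:1].isspace():
            current = None  # end of the interface block
        elif current is not None:
            current.append(line)
    return interfaces


def audit_dot1x_host_mode(config):
    """Return (interface, host mode) for 802.1X ports not in single-host mode."""
    findings = []
    for name, lines in parse_interfaces(config).items():
        if "dot1x port-control auto" not in lines:
            continue  # port is not under 802.1X control
        modes = [l.split()[2] for l in lines if l.startswith("dot1x host-mode ")]
        mode = modes[-1] if modes else ASSUMED_DEFAULT
        if mode != "single-host":
            findings.append((name, mode))
    return findings


if __name__ == "__main__":
    print(audit_dot1x_host_mode(SAMPLE_CONFIG))
```

Each port it reports can carry more than one device behind a single authentication, which is the case the original question wants to rule out.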