Beginner

MAC address learning while port-security is on

Can I make two port interfaces from the same stack learn the same MAC address while port security is on?

Can I exclude the address from the security table so it won't count?

VIP Advocate

 

 - A mac address is only learned when a device is active on a particular port.

 M.


Let's say I need to move one device between two rooms occasionally and be able to do it without cleaning port security every time.

On the other hand, I don't want to cancel the port security entirely.

Enthusiast

You can make the violation not take down the traffic but only generate a log.


Hi,

Depending on the switch model, you can implement a MAC access-list. It's like an IP access-list but starts at L2, and will prevent any forwarding on a switchport if the MAC is not permitted. It's like port-security but not tied to one switchport. But there is no automatic shutdown mechanism for the switchport.

 

e.g. create the "mac-access-list" (here only packets with src-mac "0011.2233.4455" will have access to the network):

mac access-list extended TRUSTED-MACs
permit host 0011.2233.4455 any
deny any any
exit

e.g. apply to all the interfaces which should participate

int range g2/0/1-48
mac access-group TRUSTED-MACs in
exit

This will check all MAC addresses learned on all switchports of switch member 2 against the "TRUSTED-MACs". If a MAC is not in the list, all packets with this MAC will be dropped. Ports without this configuration will not be checked.
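
Added example (not part of the thread or any poster's code): a small Python audit for the caveat in the last reply, that ports without the mac access-group binding are not checked. The sample running-config is constructed and the function names are hypothetical; it assumes the usual one-space indentation of lines under a config stanza.

```python
import re

# Constructed sample running-config (not taken from any device in the thread).
SAMPLE_CONFIG = """\
mac access-list extended TRUSTED-MACs
 permit host 0011.2233.4455 any
 deny any any
!
interface GigabitEthernet2/0/1
 mac access-group TRUSTED-MACs in
!
interface GigabitEthernet2/0/2
 switchport port-security
!
interface GigabitEthernet2/0/3
 mac access-group TRUSTED-MACs in
"""

def parse_stanzas(config):
    """Map each top-level config line to the indented lines under it."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            current = None          # blank line or "!" ends the stanza
        elif not line[0].isspace():
            current = line.strip()  # new top-level stanza header
            stanzas[current] = []
        elif current is not None:
            stanzas[current].append(line.strip())
    return stanzas

def audit_mac_acl(config, acl_name):
    """Return (permitted source MACs, ports with the ACL, ports without it)."""
    stanzas = parse_stanzas(config)
    acl = stanzas.get(f"mac access-list extended {acl_name}", [])
    permitted = [m.group(1) for line in acl
                 if (m := re.fullmatch(r"permit host ([0-9a-fA-F.]+) any", line))]
    bound, unbound = [], []
    for header, body in stanzas.items():
        if header.startswith("interface "):
            port = header.split(None, 1)[1]
            target = bound if f"mac access-group {acl_name} in" in body else unbound
            target.append(port)
    return permitted, bound, unbound

if __name__ == "__main__":
    macs, bound, unbound = audit_mac_acl(SAMPLE_CONFIG, "TRUSTED-MACs")
    print("permitted:", macs, "filtered:", bound, "unfiltered:", unbound)
```

Ports reported as unfiltered are the ones where a non-listed MAC would still be forwarded unless another control, such as port security, covers them.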

 

 

 

 
