10-12-2020 05:15 AM
Can I make two port interfaces from the same stack learn the same MAC address while port security is on?
Can I exclude the address from the security table so it won't count?
10-12-2020 05:26 AM
- A mac address is only learned when a device is active on a particular port.
M.
10-12-2020 06:37 AM
Let's say I need to move one device between two rooms occasionally and be able to do it without clearing port security every time.
On the other hand, I don't want to cancel port security entirely.
10-12-2020 09:53 AM
You can make the violation not take down the traffic but only generate a log.
10-15-2020 02:55 AM
Hi,
depending on the switch model, you can implement a mac access-list. It's like an IP access-list but starts at L2, and will prevent any forwarding on a switchport if the MAC is not permitted. It's like port-security but not tied to one switchport. But there is no automatic shutdown mechanism for the switchport.
e.g. create the "mac access-list" (here only packets with src-mac "0011.2233.4455" will have access to the network):
mac access-list extended TRUSTED-MACs
 permit host 0011.2233.4455 any
 deny any any
 exit
e.g. apply to all the interfaces which should participate:
int range g2/0/1-48
 mac access-group TRUSTED-MACs in
 exit
This will check all MAC addresses learned on all switchports of switch member 2 against the "TRUSTED-MACs". If a MAC is not in the list, all packets with this MAC will be dropped. Ports without this configuration will not be checked.
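An added example, not part of the original posts: a Python check over a saved running-config that lists the MACs the TRUSTED-MACs list permits and the interfaces that do not have the access-group applied, since those ports are not checked. The config excerpt, interface numbers and function names are constructed for illustration.

```python
import re

# Constructed running-config excerpt (not taken from the thread).
SAMPLE_CONFIG = """\
mac access-list extended TRUSTED-MACs
 permit host 0011.2233.4455 any
 deny any any
!
interface GigabitEthernet2/0/1
 switchport mode access
 mac access-group TRUSTED-MACs in
!
interface GigabitEthernet2/0/2
 switchport mode access
!
interface GigabitEthernet2/0/3
 switchport mode access
 mac access-group TRUSTED-MACs in
!
"""

def parse_blocks(config):
    """Map each top-level config line to the list of its indented child lines."""
    blocks, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            current = None                      # separator ends the block
        elif line[0] != " ":
            current = blocks.setdefault(line.strip(), [])
        elif current is not None:
            current.append(line.strip())
    return blocks

def audit(config, acl="TRUSTED-MACs"):
    """Return (MACs permitted by the ACL, interfaces without the ACL applied)."""
    blocks = parse_blocks(config)
    entries = blocks.get(f"mac access-list extended {acl}", [])
    permitted = [m.group(1) for e in entries
                 if (m := re.fullmatch(r"permit host ([0-9a-f.]{14}) any", e, re.I))]
    unfiltered = sorted(name.split()[1] for name, body in blocks.items()
                        if name.startswith("interface ")
                        and f"mac access-group {acl} in" not in body)
    return permitted, unfiltered

if __name__ == "__main__":
    macs, ports = audit(SAMPLE_CONFIG)
    print("Permitted source MACs:", macs)
    print("Ports not filtered by the ACL:", ports)
```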