05-19-2022 08:08 AM - last edited on 05-19-2022 08:17 AM by Jimena Saez
Information on securing CISCO switchports.
I saw that it was possible to set more than one additional MAC address for a port, and if another MAC address connects, the packets are blocked.
Unfortunately I have a lot of PCs and servers, so it would take too long to enter all the MAC addresses on each port. In addition, many PCs are rented, so a considerable number of MAC addresses would have to be changed.
Is it possible to connect a switch to a database, file or other that contains a list of MAC addresses that will be allowed on each port?
Thank you
05-19-2022 08:29 AM
@Translator @blaucournet you can use Cisco ISE with MAC Authentication Bypass (MAB).
You can create an endpoint identity group in ISE of MAC addresses and permit/deny traffic accordingly.
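A switch-side sketch of the MAB setup suggested in the reply above, added here as an example and not taken from the thread or from Cisco documentation. It uses classic IOS "authentication" syntax; the server name, the 192.0.2.10 address, the shared-secret placeholder, the interface and the VLAN are all assumed values.

```cisco
! Enable AAA and send network access requests to the RADIUS server (ISE).
! MAB uses the dot1x authentication method list.
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
!
! RADIUS server definition. Name, address and key are placeholders.
radius server ISE-EXAMPLE
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key <shared-secret>
!
dot1x system-auth-control
!
! Access port: no MAC address is configured locally. The switch sends the
! first MAC it learns to the RADIUS server, which permits or denies it
! according to its endpoint identity groups.
interface GigabitEthernet1/0/10
 description Example user port (assumed interface and VLAN)
 switchport mode access
 switchport access vlan 10
 authentication port-control auto
 authentication order mab
 authentication priority mab
 ! Allow a single MAC address on the port at a time.
 authentication host-mode single-host
 mab
 spanning-tree portfast
```

With this in place, replacing a rented PC means updating the endpoint list on the RADIUS server, not the port configuration. MAB checks only the MAC address presented on the wire, which a device can be configured to copy, so it identifies endpoints less strongly than certificate- or credential-based 802.1X.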
05-19-2022 10:30 PM
@Translator @blaucournet I believe you cannot connect a switch to a database for MAC filtering.
1. You can set the maximum MAC limit.
Example: Switch(config-if)# switchport port-security maximum 10
To achieve your goal you have to use another solution, like @Rob Ingram has suggested.
Thanks,
Jitendra
05-25-2022 07:37 PM
Hello
The best way is to use ISE, which will be the database and into which you can import all your MAC addresses, or use authentication methodologies other than MAC.
On older switches, VMPS was used as the ancestor of MAB authentication.
Thank you