Solved: Re: Port-security MAC address range issue

simonaloka7 · ‎07-19-2023

Hello community, i'm just a new CCNA R&S certified

When configuring port-security on an interface of a Cisco c2960 Series, i face a small issue because i wanted to insert 250 secure static mac addresses on port fa0/15 without rewrite the same command line "switchport port-security mac-address aaa.bbb.ccc". Therefore, does a command or feature like "mac-address range" or "mac-address list..." exist on c2960 switches ?

How can i do to simplify this task ?

MHM Cisco World · ‎07-19-2023

sorry, the only way then is add manually one by one.

View solution in original post

MHM Cisco World · ‎07-19-2023

you can use sticky port-security with max 250
this make port learn 250 mac address add it as static secure automatic.

simonaloka7 · ‎07-19-2023

It is true, but if an unidentify machine (coming outside from the enterprise) plug onto that port, it will automatically accepted and secured in running configurations because the maximum (250 mac addresses) won't be reached yet. Where the necessity to insert statically all internal host mac addresses to avoid this kind of incident (except if i'm wrong). So how to acheive it easily.

MHM Cisco World · ‎07-19-2023

sorry, the only way then is add manually one by one.

simonaloka7 · ‎07-19-2023

In other hand, i think that Cisco can (if they want) add this feature to access switches, the possibility to add (statically) a list or range of secured mac address the command "switchport port-security mac-address list/range mac-address list/range" why not something like that when implementing port security. Or something like that exist on advanced category of switches...

MHM Cisco World · ‎07-19-2023

There is something in my mind' I will check it tonight in my lab and update you.