01-12-2022 09:19 AM
Hi Guys,
I have a layer 2 Cisco switch 3850. I need to secure a device allowing only 2 devices to connect to the server. Can I do this config?
Switch(config)#interface fa x/x
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security maximum 3
Switch(config-if)#switchport port-security violation restrict
Switch(config-if)#switchport port-security mac-address h.h.h
Switch(config-if)#switchport port-security mac-address sticky h.h.h
Switch(config-if)#switchport port-security mac-address sticky h.h.h
Thanks
01-12-2022 09:24 AM
Hi @juancarlosmartinez yes, just change the maximum value according to how many MAC addresses you want to limit.
Port security will limit the number of devices connecting to the switchport; this won't limit the number of connections to a server.
01-12-2022 09:31 AM
Thanks Rob,
2 more questions,
If I want to remove the above configuration or modify and add another MAC, I just do NO switchport port-security?
01-12-2022 09:51 AM
@juancarlosmartinez you can just use "no switchport port-security mac-address <mac address>" and then add the new MAC. Use "show port-security address" to confirm the address is removed.
More information.
01-12-2022 10:33 AM
This is what I have now; however, why does it say vlan access?
interface GigabitEthernet0/45
description server01
switchport access vlan X
switchport mode access
switchport port-security maximum 3
switchport port-security
switchport port-security violation restrict
switchport port-security mac-address sticky
switchport port-security mac-address sticky H.H.H vlan access (why is this extra)
switchport port-security mac-address sticky H.H.H vlan access
switchport port-security mac-address H.H.H vlan access
01-12-2022 10:39 AM
@juancarlosmartinez it's added by default, that MAC address is in the data vlan. The other option would be "voice" instead of "access"
switchport port-security mac-address sticky [mac-address | vlan {vlan-id | {access | voice}}]
01-12-2022 10:49 AM
got it...thanks Rob
01-12-2022 11:08 AM
Rob,
question,
If I configure the port this way, I am just protecting the server interface, correct?
Switch(config)#interface fa x/x
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security maximum 1
Switch(config-if)#switchport port-security violation restrict
Switch(config-if)#switchport port-security mac-address h.h.h (server i/F)
Switch(config-if)# end
01-12-2022 11:25 AM
@juancarlosmartinez you are only allowing that MAC address to connect to the switchport, so if that MAC address is the server, then yes, only that server MAC address can be plugged into that interface on the switch.
01-12-2022 01:25 PM
Thanks so much Rob....
01-12-2022 10:10 AM
Switch(config-if)#switchport port-security maximum 3
Yes, the configuration allows 3 MAC addresses as per the port config. I hope you are looking for a port connection limit, not server connections like a web server; that would need to be looked at differently (not with this config).
If I want to remove the above configuration or modify and add another MAC, I just do NO switchport port-security?
I will default interface fa x/x and configure again, so the configuration goes back to defaults.
01-12-2022 10:34 AM
Thanks BB
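An added example, not written by any poster in this thread: a Python check that reads an interface stanza like the one posted above and reports how many MAC slots are pinned versus left open, including the trailing "vlan access" form. The function name, VLAN number and MAC addresses are constructed for illustration; the defaults assumed when a line is absent are the IOS ones (maximum 1, violation shutdown).

```python
import re

# Constructed sample modelled on the interface block in the thread; VLAN and MACs are made up.
SAMPLE = """\
interface GigabitEthernet0/45
 description server01
 switchport access vlan 10
 switchport mode access
 switchport port-security maximum 3
 switchport port-security
 switchport port-security violation restrict
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0011.2233.4455 vlan access
 switchport port-security mac-address sticky 0011.2233.4466 vlan access
 switchport port-security mac-address 0011.2233.4477 vlan access
"""

MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
PS = "switchport port-security"

def audit_port_security(stanza):
    """Summarise port-security settings of one interface stanza and list findings."""
    info = {"enabled": False, "access_mode": False, "maximum": 1,  # IOS default maximum is 1
            "violation": "shutdown",                                # IOS default violation mode
            "sticky_learning": False, "static": [], "sticky": [], "findings": []}
    for line in (l.strip().lower() for l in stanza.splitlines()):
        if line == "switchport mode access":
            info["access_mode"] = True
        elif line == PS:                      # the bare command is what turns the feature on
            info["enabled"] = True
        elif m := re.fullmatch(PS + r" maximum (\d+)", line):
            info["maximum"] = int(m.group(1))
        elif m := re.fullmatch(PS + r" violation (protect|restrict|shutdown)", line):
            info["violation"] = m.group(1)
        elif line == PS + " mac-address sticky":
            info["sticky_learning"] = True
        elif m := re.fullmatch(PS + rf" mac-address (sticky )?({MAC})( vlan (\d+|access|voice))?", line):
            info["sticky" if m.group(1) else "static"].append(m.group(2))
    pinned = len(info["static"]) + len(info["sticky"])
    if not info["enabled"]:
        info["findings"].append("port-security options present but feature not enabled")
    if not info["access_mode"]:
        info["findings"].append("port is not forced to access mode")
    if pinned < info["maximum"]:
        info["findings"].append(f"{info['maximum'] - pinned} free slot(s): unknown MACs can still be learned")
    if info["violation"] == "protect":
        info["findings"].append("violation protect drops silently; no log or counter")
    return info
```

Calling audit_port_security(SAMPLE) returns an empty findings list because all three slots are pinned; raising the maximum without adding addresses produces the free-slot finding.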