Cat3550 Port security configuration

m.saufi · ‎02-26-2004

I have WS-C3550-48-SMI(IOS 12.1(9)EA1c) connected to a pair of Cisco828 linked together with copper over 3km at 1Mbits. Remote end 828 has computers connected to 2 of the 4 ethernet ports.

I need to only allow the 2 computers to pass thru Cat3550 to access the network.

Questions:

In this scenario what mac addresses are to be allowed apart from the 2 computers?

I have done port security configuration but always get portstatus err-disabled and I can't recover the port after doing "shutdown and then "no shut..". I also tried "switchport security recovery cause all" but still failed. Port security already disabled too.

Any configuration examples are most welcomed.

Many thanks for responding.

tbaranski · ‎02-26-2004

Port security won't help you here since there's a router in between the 3550 and the hosts. Best bet is probably access lists on the 3550.

m.saufi · ‎02-26-2004

Actually there's no router between 3550 and 828,just one 10BaseT connection to link them. The local 828 in turn is linked to the remote other 828 with a pair of copper cable.A Router(7507) is only after 3550. No routing is configured on 3550 and both 828s. Network access from both computers are working fine except that I need prevent others from accessing the network.

tbaranski · ‎02-27-2004

Ok, so the 828s are just bridging then? If that's the case you should only need to allow the MAC addresses of the workstations through the 3550. (You may need to allow the MAC addresses of the 828s for management purposes, but that's another issue.)

Note that you can configure port security to simply drop traffic from unauthorized addresses rather than shutting down the port entirely. See http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a00801cdf52.html#1038501