Re: Problems with Port Security

averheaghe · ‎09-07-2005

I would like to apply multiple MAC addresses to switch ports for security, but I would like to apply the same list of MAC addresses to all the ports. Allowing for PC mobility within a branch office, but only allowing pre-defined MACs. This would also allow administrative laptops to b move from office to office by listing their MACs in all the tables as well.

Unfortunately when I attempt to do this it allows it on 1 port only and then locks out all the other ports that PCs are attached to. Is what I am trying to do possible?

thisisshanky · ‎09-07-2005

What switchmodel is it, slso catos, ios ?

for 6500 check this link

http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a0080160a2c.html

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

averheaghe · ‎09-12-2005

The switches are 2950s running 12.1(13) EA1c.

The link to the above document is what I used when configuring the switches. After re-reading the document I found this which is apparently the problem:

•When you enable port security, if an address learned or configured on one secure port is seen on another secure port in the same VLAN, port security puts the port into the error-disabled state immediately.

So to clarify my problem and what I thnk the solution is. In order to secure a switch I enable the port security and learn the MACs, make them sticky and allow only one MAC per port. If a PC moves from one port to another I will need to issue a command to re-learn the MACs before the port will become open.

Correct?

Thanks,

Andy