06-28-2004 04:32 AM - edited 03-02-2019 04:40 PM
Hi,
Is there a command that will lock a port down to only pass traffic for one MAC address at a time, on a 4006 running 12.2.20? I don't want to enable port security on the port but I only want one machine on the port at any time.
Thanks in advance.
06-28-2004 04:56 AM
Any reason why you don't want to use port security?
I guess you could disable ARP on the specific L3 interface (no arp arpa) where that station is connected and then just configure a static ARP entry for the specific MAC address as follows:
arp 192.168.99.2 xxxx.xxxx.xxxx arpa
The drawback of this approach is that you would have to do the same for all devices on that L3 interface. I can't think of a way to do it at Layer 2 other than port security.
Hope this helps,
06-28-2004 04:59 AM
Hello Mike,
AFAIK, port security is the only way to do this:
Switch(config-if)# port security max-mac-count 1
Is there a specific requirement for why you cannot use port security?
Regards,
GP
06-28-2004 05:07 AM
Hi,
Thanks for the answers. I have our entire site locked down with port security but I need a port for new PC builds, i.e. rebuild machines, build new machines, etc. I DO NOT want a tech putting a hub on this port and connecting ten or twenty machines. This is the reason (or one of the reasons) we started locking down our sites. I guess if this cannot be done I can put this port into another VLAN and only give access to the resources it needs and that's it.
Thanks for the responses.
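An added example, not part of any post in this thread: port security does not have to pin a port to one specific MAC address, so a build-bench port can accept any single machine at a time by limiting the learned-address count to 1 and letting the entry age out. It uses the `switchport port-security` syntax of later IOS releases; the interface name and timer value are placeholders, and support for every line on the 4006 release mentioned above is an assumption to verify on the switch.

```cisco
! Added example, not from the thread. GigabitEthernet2/1 is a placeholder
! for the build-bench port; the aging time is illustrative.
interface GigabitEthernet2/1
 switchport mode access
 switchport port-security
 ! Allow one dynamically learned MAC; no address is pinned to the port.
 switchport port-security maximum 1
 ! Drop frames from any second MAC and count the violation; port stays up.
 switchport port-security violation restrict
 ! Forget the learned MAC after 2 idle minutes so the next PC can connect.
 switchport port-security aging time 2
 switchport port-security aging type inactivity
!
```

`show port-security interface GigabitEthernet2/1` reports the learned address and the violation counter, which rises if a hub with more than one machine is attached.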