
Single MAC Address

mike-greene
Level 4

Hi,

Is there a command that will lock a port down to only pass traffic for one MAC address at a time, on a 4006 running 12.2.20? I don't want to enable port security on the port but I only want one machine on the port at any time.

Thanks in advance.

3 Replies

Harold Ritter
Cisco Employee

Any reason why you don't want to use port security?

I guess you could disable arp on the specific L3 interface (no arp arpa) where that station is connected and then just configure a static arp entry for the specific MAC address as follows:

arp 192.168.99.2 xxxx.xxxx.xxxx arpa

The drawback of this approach is that you would have to do the same for all devices on that L3 interface. I can't think of a way to do it at Layer 2 other than port security.

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Hello Mike,

AFAIK, port security is the only way to do this:

Switch(config-if)# port security max-mac-count 1

Is there a specific requirement for why you cannot use port security?

Regards,

GP

Hi,

Thanks for the answers. I have our entire site locked down with port security but I need a port for new PC builds, i.e. rebuild machines, build new machines, etc. I DO NOT want a tech putting a hub on this port and connecting ten or twenty machines. This is the reason (or one of the reasons) we started locking down our sites. I guess if this cannot be done I can put this port into another VLAN and only give access to resources it needs and that's it.

Thanks for the responses.
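
An added example, not from any poster in this thread: a Python check for the situation described in the last post (a hub on the build port), which counts distinct MAC addresses learned per port in saved `show mac address-table` output. The sample table, the port names and the exempt uplink are constructed assumptions, and the column layout differs between platforms and software releases.

```python
import re
from collections import defaultdict

# Constructed sample in the general layout of IOS "show mac address-table"
# output; real column layout varies by platform and software release.
SAMPLE = """\
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Gi2/1
  10    0011.2233.4466    DYNAMIC     Gi2/2
  10    0011.2233.4477    DYNAMIC     Gi2/2
  20    0011.2233.4488    DYNAMIC     Gi2/2
  10    0011.2233.4499    STATIC      Gi2/3
  10    0011.2233.44aa    DYNAMIC     Gi1/1
  20    0011.2233.44bb    DYNAMIC     Gi1/1
Total Mac Addresses for this criterion: 7
"""

# One table row: VLAN id, dotted-hex MAC, entry type, port name.
ROW = re.compile(
    r"^\s*(?P<vlan>\d+)\s+(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})"
    r"\s+(?P<type>\S+)\s+(?P<port>\S+)\s*$",
    re.IGNORECASE,
)

def macs_per_port(table_text):
    """Return {port: set of distinct MACs}, ignoring headers and footers."""
    seen = defaultdict(set)
    for line in table_text.splitlines():
        m = ROW.match(line)
        if m:
            seen[m["port"]].add(m["mac"].lower())
    return dict(seen)

def ports_over_limit(table_text, limit=1, exempt=()):
    """Ports with more than `limit` MACs, skipping exempt (uplink) ports."""
    return {
        port: sorted(macs)
        for port, macs in macs_per_port(table_text).items()
        if len(macs) > limit and port not in exempt
    }

if __name__ == "__main__":
    # Gi1/1 is assumed to be an uplink and is therefore exempt.
    for port, macs in ports_over_limit(SAMPLE, exempt={"Gi1/1"}).items():
        print(f"{port}: {len(macs)} MACs learned -> {', '.join(macs)}")
```

This only reports what the switch has already learned; it does not block the extra devices.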