Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1212
Views
10
Helpful
7
Replies

Switchport security

pranjalpokhrel1840
Level 1
Level 1

‎12-17-2019 12:46 AM

Hi All,

 

I configured switchport security in one of my office switches with my laptop's Mac-address but unfortunately my laptop got lost and i don't remember the mac address too. What should i do to access the port now? What could be other options to configure switchport security other than binding mac-address?

 

Looking forward to a solution.

 

Best Regards,

 

Cisco User

Labels:
0 Helpful
7 Replies 7

Seb Rupik
VIP Alumni
VIP Alumni

‎12-17-2019 12:57 AM

Hi there,

Did you manual bind the MAC address to the switchport of use 'sticky MAC'? If the latter, then simply clear the address:

 

clear port-security sticky interface gi1/0/1

conf t

int gi1/0/1

shut

no shut

exit

 

Regarding alternatives, port-security is at the bottom end of switchport access control. Beyond that you would want to look at MAB or full blown 802.1x . Both of these solutions would require a separate NAC server.

 

cheers,

Seb.

pranjalpokhrel1840
Level 1
Level 1
In response to Seb Rupik

‎12-17-2019 08:51 PM

Hello Sir,

 

Good Morning and Thank you for your response.

 

 

I had manually configured the MAC address to the port. Is there anything i could do? Thank you for your help for sticky portion though.

 

Looking forward to your response.

 

Best Regards,

Cisco User

0 Helpful

Seb Rupik
VIP Alumni
VIP Alumni
In response to pranjalpokhrel1840

‎12-18-2019 01:13 AM

Hi there,

in which case negate the line of config specifiying the MAC address on the switchport. If the old MAC was 1111.2222.3333 and the new MAC is AAAA.BBBB.CCCC:

!
int gi1x/x/x
  no switchport port-security mac-address 1111.2222.3333
  switchport port-security mac-address AAAA.BBBB.CCCC
!

cheers,

Seb.

pranjalpokhrel1840
Level 1
Level 1
In response to Seb Rupik

‎12-18-2019 02:00 AM

Thank you for the solution sir.

0 Helpful

Seb Rupik
VIP Alumni
VIP Alumni
In response to pranjalpokhrel1840

‎12-18-2019 02:11 AM

No problem. Please mark this post as solved. ;)
0 Helpful

pranjalpokhrel1840
Level 1
Level 1
In response to Seb Rupik

‎12-19-2019 11:34 PM

Dear Sir,

Just before i mark this solution as solved, could you also please advise me a solution if i configured switchport security as sticky?

 

Looking forward to your response.

 

Best Regards,

Cisco User

0 Helpful

Seb Rupik
VIP Alumni
VIP Alumni
In response to pranjalpokhrel1840

‎12-20-2019 03:04 AM

Hi there,

A swithport config which would dynamically learn one MAC address on an access port would look like this:

!
int gix/x/x
  switchport mode access
  switchport access vlan xx
  switchport port-security
  switchport port-security maximum 1
  switchport port-security violation restrict
  switchport port-security mac-address sticky
  spanning-tree portfast
  no shut
!

cheers,

Seb.

0 Helpful
Customers Also Viewed These Support Documents