how to restrict the untagged vlans in the cisco switch 2960

PdhineshK · ‎06-13-2018

Hi Team,

Currently I have cisco 2960 switches which is running I need to restrict the untagged vlans in the switch which may send from the other switch.

If it's not possible to restrict the untagged vlans is there anyway to strict the static Mac address in case any one connect the switch other than this Mac it should automatically shutdown.

Need your inputs on this

Diana Karolina Rojas · ‎06-13-2018

Hello,

You can define the tagged vlans you want to have between trunks ports and also you can define a Native vlan and permit it in the trunk avoiding the rest of the vlans (this way you avoid traffic from vlan 1), the question is Why do you want to avoid untagged traffic? there are control traffic that is not tagged and is important to be in your network. Other hand you can define the MAC address you want to access to a port, with the next commands (in access ports):

switchport port-security
switchport port-security mac-address type-mac-here
switchport port-security maximum 1
switchport port-security violation shutdown

This way the interface goes down when any other mac that try to connect to this port.
Please do not forget to rate useful post.

Best Regards,

paul driver · ‎06-13-2018

Hello

Tag your native vlan -

vlan dot1q tag native

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul