Data Center Switch Port Security

GREGORY JACKSON · ‎10-25-2004

I hope this is the right placce for this question so here goes.

I have a good size datacenter and we have lots of changes going on. We have add, move and chages going almost daily. With those changes we get new severs put on the network and old one removed, well we use the sername as a description for a port the problem is that often the server teams will change servers without out knowlegde thus making our docuentation heard to keeo accurate.

What I woul dlike to do is secure the ports on the switches dynamicallly, thus when a server gets plugged in the switch remembers the mac address and does not let any other mac address on that port. This will then force the end users to let use know when new devices are being added to the network,,

lsouth · ‎10-25-2004

Depending on the model of switch you are using (I am assuming 6500 series) you can set port security.

set port security enab

the default is for 1 mac address and it will auto learn the first mac, all others will shut the port down.

sstudsdahl · ‎10-28-2004

You need to be careful when planning an implementation like this. Some applications will use virtual MAC addresses (for example, Windows Network Load Balancing) and can cause the port to become disabled based on what is happening with the application. (Mainly admin type functions for this one.)

In the case of a server setup with VMWare or Virtual PC, multiple virtual MAC address will exist, one for each virtual system running.

The best solution for this would be to get your server admins to notify you when a server is replaced so that you can update the documentation you maintain. They should understand the need for current documentation when you are trying to troubleshoot a problem.

lsouth · ‎11-01-2004

My fellow network colleague has added some great insight. All your issues would be resolved with "perfect" change control.

Good Luck with whatever you come up with.