03-19-2013 06:45 AM
Hi,
I have a Cisco SG 300-52 52-Port Gigabit Managed Switch. On the switch I have two ports which are connected to the guest VLAN.
Now I want to activate port security on the two ports. Is it possible to allow two MAC addresses on one port?
This is because there are two users who use these two ports. But the users don't use the same port all the time.
Thanks and best regards,
Dominique
03-19-2013 03:03 PM
Hello Dominique,
The option you are looking for is under Security > Port Security.
You can set the port to Limited Dynamic Lock and specify a max of 2 MAC addresses. The switch will learn the next two MAC addresses plugged into that port, and then block any others from access.
You can also select Secure Permanent and the switch will keep the MAC addresses it has already dynamically learned and learn more up to the maximum you specify.
Let me know if that works for you,
Christopher Ebert
Network Support Engineer - Cisco Small Business Support Center
*please rate helpful posts*
03-19-2013 06:30 PM
Hi Dominique, to add to Christopher's post, if you are expecting 2 MAC addresses on a port but those 2 connections may connect to a different port, you may configure dynamic or static port security for those ports.
Here are 2 documents to assist you.
https://supportforums.cisco.com/docs/DOC-27720
https://supportforums.cisco.com/docs/DOC-27753
If you choose to use static MAC entries you may duplicate the entries for different interfaces.
Additionally, as an alternative solution, if you know the IP address and MAC address you may use dynamic ARP inspection and achieve similar results in a much more strict fashion.
-Tom
Please mark answered for helpful posts
03-20-2013 01:22 AM
I configured the Interface like this:
Then I connect notebook 1 to the port and it is connected to the network. If I connect notebook 2 to this port it can also connect to the network. I set the Max No. of Address Allowed to 1 because I have only 2 notebooks for doing this test. Later I would set it to 2 or 3.
In the dynamic addresses list, the currently connected device is always listed:
Why is the second device not blocked?
Regards,
Dominique
03-20-2013 06:16 AM
Because the interface is not locked. Please reference the provided links above.
-Tom
Please mark answered for helpful posts
03-21-2013 01:17 AM
Thanks a lot, Tom. After I had locked the port and added the 2 MAC addresses to the static address list, it works.