SG 300-52 Port Security - 2 Mac Addresses on 1 Port

dominique.guyer
Level 1

Hi,

I have a Cisco SG 300-52 52-Port Gigabit Managed Switch. On the switch I have two ports which are connected to the guest VLAN.

Now I want to activate the port security on the two ports. Is it possible to allow two MAC addresses on one port?

This is because there are two users who use these two ports. But the users don't use the same port all the time.

Thanks and best regards,

Dominique

1 Accepted Solution


Hi Dominique, to add to Christopher's post, if you are expecting 2 MAC addresses on a port but those 2 connections may connect to a different port, you may configure a dynamic or static port security for those ports.

Here are 2 documents to assist you.

https://supportforums.cisco.com/docs/DOC-27720

https://supportforums.cisco.com/docs/DOC-27753

If you choose to use static MAC entries you may duplicate the entries for different interfaces.

Additionally, as an alternative solution, if you know the IP address and MAC address you may use dynamic ARP inspection and achieve similar results in a much more strict fashion.

-Tom
Please mark answered for helpful posts


5 Replies

chrebert
Level 4

Hello Dominique,

The option you are looking for is under Security > Port Security.

You can set the port to Limited Dynamic Lock and specify a max of 2 MAC addresses. The switch will learn the next two MAC addresses plugged into that port, and then block any others from access.

You can also select Secure Permanent and the switch will keep the MAC addresses it has already dynamically learned and learn more up to the maximum you specify.

Let me know if that works for you,

Christopher Ebert

Network Support Engineer - Cisco Small Business Support Center

*please rate helpful posts*

I configured the Interface like this:

Then I connect Notebook 1 to the port and it is connected to the network. If I connect Notebook 2 to this port it can also connect to the network. I set the Max No. of Address Allowed to 1 because I have only 2 notebooks for doing this test. Later I would set it to 2 or 3.

The dynamic addresses list always shows the currently connected device:

Why is the second device not blocked?

Regards,

Dominique

Because the interface is not locked. Please reference the provided links above.

-Tom
Please mark answered for helpful posts


Thanks a lot Tom. After I had locked the port and added the 2 MAC addresses to the static address list, it works.
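
Added example, not written by any poster in this thread and not Cisco code: a simplified Python model of the behaviour the replies describe, showing why the address limit had no effect while the interface was unlocked and how identical static entries on both locked ports let the two notebooks use either one. The `Port` class, the port names and the MAC addresses are constructed for illustration and are assumptions, not switch internals.

```python
"""Simplified model of the port-security behaviour described in this thread.
Illustrative only: not switch firmware; all names here are assumptions."""
from dataclasses import dataclass, field


@dataclass
class Port:
    name: str
    locked: bool = False      # is port security active ("interface locked")?
    max_dynamic: int = 0      # address limit, used by Limited Dynamic Lock
    static: set = field(default_factory=set)      # static MAC entries
    learned: list = field(default_factory=list)   # dynamically learned MACs

    def admit(self, mac: str) -> bool:
        """Return True if a frame from this source MAC would be forwarded."""
        mac = mac.lower()
        if not self.locked:
            # Unlocked port: the configured limit is not enforced.
            if mac not in self.learned:
                self.learned.append(mac)
            return True
        if mac in self.static or mac in self.learned:
            return True
        if len(self.learned) < self.max_dynamic:
            self.learned.append(mac)   # still room under the limit
            return True
        return False                   # locked and over the limit: blocked


# Constructed sample addresses (locally administered range).
NB1, NB2, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:99"


def run_scenarios() -> dict:
    # 1. The test from the thread: limit of 1 set, but port never locked.
    p = Port("guest-A", locked=False, max_dynamic=1)
    unlocked = [p.admit(NB1), p.admit(NB2)]
    # 2. Limited Dynamic Lock with a limit of 2: third address is blocked.
    p = Port("guest-B", locked=True, max_dynamic=2)
    limited = [p.admit(NB1), p.admit(NB2), p.admit(OTHER)]
    # 3. Final setup: both ports locked, same static entries on each.
    ports = [Port(n, locked=True, static={NB1, NB2}) for n in ("guest-A", "guest-B")]
    roaming = [[port.admit(m) for m in (NB1, NB2, OTHER)] for port in ports]
    return {"unlocked": unlocked, "limited": limited, "roaming": roaming}


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(name, result)
```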