06-04-2012 04:19 AM
Dear All,
Has anyone deployed port security on an SMB switch (SRW series)?
What do I need to do if I want to deploy this scenario?
- one port just for 1 MAC address
- if another MAC address shows up on that port, the port must be shut down
Please help me.
Thanks
06-04-2012 05:33 AM
Is the SRW you reference one of the new SRWxxx-K9 (300 series) switches, or one of the old pre-300 series switches?
If the switch is a current 300 series product, the action on switch port security violation could be, as taken from the 300 series Admin guide, highlighted in the red box below.
06-04-2012 09:38 AM
Hi Leonardus,
The port security mode lock command is performed once for an interface or range of interfaces, and doesn't appear in the running config.
It saves the current dynamic MAC addresses associated with the port and disables learning, relearning and aging.
On my switch, after the lock command was performed, I can see that my switch statically defined the MAC entries for three SPA500 phone devices in two VLANs:
mac address-table static 00:02:fd:ff:c0:f4 vlan 1 interface gigabitethernet2 secure
mac address-table static 00:24:97:f0:55:f6 vlan 1 interface gigabitethernet6 secure
mac address-table static 00:25:84:d8:d0:08 vlan 1 interface gigabitethernet4 secure
mac address-table static 00:02:fd:ff:c0:f4 vlan 100 interface gigabitethernet2 secure
mac address-table static 00:24:97:f0:55:f6 vlan 100 interface gigabitethernet6 secure
mac address-table static 00:25:84:d8:d0:08 vlan 100 interface gigabitethernet4 secure
On my 10 port switch SGE300-10P, the following command was entered into the CLI,
interface range gi1-8
port security discard-shutdown
The CLI command port security discard-shutdown should perform the action you need, which is to discard packets with unlearned source addresses and shut down the port.
I plugged a PC into the back of the SPA phone and the LED lights on the switch turned off. Power was still getting to the phone.
So the switch port did shut down and I had to enable the port as shown below.
I have seen an interesting behaviour in the GUI, which I am checking with the Support Center's subject matter expert, but the port did lock the number of MAC addresses and shut down the port when it saw the appearance of another Layer 2 host on the port.
regards Dave
06-04-2012 06:14 AM
Hi David,
Nice info.
After I tried to configure it following the configuration guide, I found another problem.
The port can't learn any MAC address after I enable port security as below:
Port security max 1
port security mode lock
port security discard shutdown
So I tried this configuration too:
port security max 1
port security mode max-addresses
port security discard shutdown
And with this configuration, MAC address can learn as much as end point device.
Can everybody share the detailed features of port security on SRW?
It is different from the Catalyst switch.
06-04-2012 10:12 PM
Hi all,
I already got the idea about port security on SRW.
Thanks for the help,
Regards