Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
772
Views
0
Helpful
6
Replies

allow notebk to be able to access multiple ports in a switch

donnie
Level 1
Level 1

‎09-28-2011 10:44 PM - edited ‎03-07-2019 02:30 AM

Hi all,

I am currently using a cisco3500 switch which is connected to lan points in a training room.

This switch need to implement port-security to make sure only 3 mac addresses can be connected to any port on the switch.

However when i try to add the same mac address to a different port(using "switchport port-security mac-address xxx") it would say "found duplicate mac-address xxxx".

Hence is there a way i can bypass this so that the 3 specific mac address can be added to all ports on the cisco switch?

Or is there any other way to meet my objective to allow only that 3 mac address to access ports on the cisco switch?

Pls advise, thks in advance.

Labels:
0 Helpful
6 Replies 6

cadet alain
VIP Alumni
VIP Alumni

‎09-29-2011 01:04 AM

Hi,

Is this a 3500 XL switch? if so then I don't see how you could achieve your goal with this model.

Regards.

Alain.

Don't forget to rate helpful posts.
0 Helpful

Alexander Maroukian
Level 3
Level 3

‎09-29-2011 03:16 AM

Hi,

On this switch you can add port security with the same mac addresses if the interfaces are in different vlans - e.g. if your f0/1 is in vlan1 and your f0/2 is in vlan 2 then you can add same mac address to port-security.

interface FastEthernet0/1

switchport mode access

switchport port-security mac-address 0000.0000.0001

no ip address

!

interface FastEthernet0/2

switchport access vlan 2

switchport mode access

switchport port-security mac-address 0000.0000.0001

no ip address

Best regards,

Alex

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to Alexander Maroukian

‎09-29-2011 03:31 AM

Hi,

indeed he can do this but he will have to assign each port to a different VLAN so different subnet and so these machines would have to get different IPs and default gateway everytime they switch ports, it could be troublesome to administer and troubleshoot.

Why does the OP want to do this for? what is he trying to achieve ?

Regards.

Alain.

Don't forget to rate helpful posts.
0 Helpful

Alexander Maroukian
Level 3
Level 3
In response to cadet alain

‎09-29-2011 04:03 AM

Hi Alain,

This was just some kind of workaround. He can setup the proper subnetworks and vlans once and can achieve his goal. I did not say that this will not involve more administrative burden when it has to be setted up initially and maybe some unpredicted results can be seen. But so far this is a kind of solution.

Regards,

Alex

0 Helpful

donnie
Level 1
Level 1

‎09-29-2011 06:25 PM

Hi all,

Apologies for late reply. i would not want to configure different vlans as its suppose to be 1 subnet. I am currently trying out this solution http://www.tek-tips.com/viewthread.cfm?qid=1576418&page=18

Not sure if it works. My environment has to be in dhcp.

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to donnie

‎09-30-2011 12:42 AM

Hi,

Which solution ? the dot1x or the static mac?

I don't think your switch supports any of these but let us know anyway.

Furthermore the second one won't work in one VLAN, a MAC address can only be off 1 port in a particuliar VLAN.

Regards.

Don't forget to rate helpful posts.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card