cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
724
Views
0
Helpful
1
Replies

Allowing a Multi-cast MAC address with Port-Security

Grant McBride
Level 1
Level 1

Hi guys,

Is there any way of allowing only one MAC address on a port using port-security but from a certain range of MAC addresses. Therefore for example the MAC address starting with 000c.29 is the VMWare manufactures range. We have PC's running virtual machines and want to allow those virtual machines but only one of them at a time.

This is the config I have but I don't think putting a multicast MAC will work:

interface Gi2/0/13

switchport port-security

switchport port-security maximum 1

switchport port-security mac-address 000c.29ff.ffff

switchport port-security violation shutdown

We urgently need to setup this to adhere to SLA's.

Thanks guys!!!

1 Reply 1

cadet alain
VIP Alumni
VIP Alumni

Hi,

this is not a multicast MAC but a unicast one because the I/G bit is set to zero(000c) but it won't work anyway because there won't ever be a MAC address like this one and so your port will get errdisabled and you won't get no communication with any connected machine on this port.

We have PC's running virtual machines and want to allow those virtual machines but only one of them at a time.

Could you explain further please and also tell us on which platform you are.

Regards.

Alain

Don't forget to rate helpful posts.
Review Cisco Networking for a $25 gift card