06-12-2019 01:25 AM
Hi all,
Looking for some advice on port security & MAC address learning. Essentially we are looking to lock down connections on a particular VLAN running on our Cisco SX350 switch. I have toyed around with ACLs, which seem to work but are a little sensitive when editing.
I have added a sticky MAC address (the authenticated device) to the port on the native VLAN; I now need to know how to block MAC address learning on the port. The catch is that there is a tagged VLAN on the port which does require learning.
Is there any way to disable learning on the native or a single VLAN only?
Thanks,
Jonathan
06-12-2019 01:30 AM
How about ..
no mac-address-table learning { vlan vlan-id [ , vlan-id | -vlan-id ] | interface interface slot/port }
Disable MAC address learning on an interface or on a specified VLAN or VLANs. You can specify a single VLAN ID or a range of VLAN IDs separated by a hyphen or comma. Valid VLAN IDs 1 to 4094. It cannot be an internal VLAN.
06-12-2019 01:32 AM
This may help if you have not already seen it.
06-12-2019 02:05 AM
Thanks for the replies. These seem to relate to the Catalyst switches. We are using the small business Cisco SX350 series. The CLI is slightly different.
06-12-2019 03:18 AM
Hi Jonathan
My bad .. should have paid more attention to the subject :)
Can't seem to find anything similar to no mac table learning in the SX350 config guide.
Maybe someone else knows .. sorry.
06-12-2019 07:33 AM
No problem, thank you for the input anyway :)