ā08-30-2018 10:47 AM - edited ā03-08-2019 04:02 PM
Hi Cisco switch has one command "switchport port-security mac-addrss xxx.xxx.xxx vlan access". My question is what is difference between with vlan access and without vlan access? Anyone can explain it? Thanks
ā08-30-2018 12:45 PM
Hi,
Without vlan access, the MAC can be learned from any vlan. With vlan access or vlan voice, you can only learne it from that specific vlan.
HTH
ā08-30-2018 12:59 PM
it means the MAC need to learn from that VLAN.
ā08-30-2018 03:26 PM
Thank you so much for your reply.
If it means the mac is learned from vlan, so what situation looks like that?
if without vlan access, it acts like normal one. That means the switch learn the mac from some thing like PC, which is connected to the switch port. If with the vlan access, can we say the switch learn mac from the other ports in the switch as long as these ports are in the same vlan?
ā08-30-2018 06:03 PM
Hi,
can we say the switch learn mac from the other ports in the switch as long as these ports are in the same vlan?
No, because this command applies under the interface and the interface belongs to specific vlans (in this case voice and data). So, if you don't specify the vlan, the port can learn it from either vlans but when you specify the vlan, it can only learn it from that vlan.
HTH
ā08-30-2018 07:28 PM
Switch learn mac address from its port when device such as PC plugged into the port. How do you say learn mac address from vlan? i guess i miss one concept. Thank you
ā08-30-2018 07:34 PM
Switch learn mac address from its port when device such as PC plugged into the port.
That is correct.
How do you say learn mac address from vlan?
When I say vlan, I mean a physical port that is in a vlan and serving a PC/Laptop, etc..
So, yes, we are saying the same thing.
HTH
ā08-31-2018 07:33 AM - edited ā08-31-2018 07:33 AM
Ok now we are at the same page.
" ----- So, if you don't specify the vlan, the port can learn it from either vlans but when you specify the vlan, it can only learn it from that vlan. "
Please see the below configuration for port for example. The switch has vlan 10 and vlan20 and the port f0/50 is in vlan20. The PC is plugged into the port f0/50. if without "vlan access" at end of command "switchport port-security mac-addrss xxxx.xxxx.xxxx ", the switch port can learn mac address from vlan10 in addition to vlan20. if with "vlan access", the mac address can be learned only from vlan20. can you say it like this? Thank you
interface FastEthernet0/50
switchport mode access
switchport access vlan 20
switchport port-security
switchport port-security mac-address 0010.1111.2222 vlan access
ā08-31-2018 08:05 AM
Hi,
can you say it like this?
Yes, that is correct. One correction to your configuration is that if you have 2 vlans (10 and 20) say 10 for voice and 20 for data, the config should look like this
interface FastEthernet0/50
switchport mode access
switchport access vlan 20
switchport voice vlan 10
switchport port-security
switchport port-security mac-address 0010.1111.2222 vlan access
HTH
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide