Configure switch-wide MAC-address for port security

drehstrom · ‎07-21-2022

Hi folks,

we have a 9300 switch, every port ist configured to use port security with one sticky MAC-address and everything works fine. Now we like to do some checkings in our network using a test tool from FLUKE. As soon as I connect and start testing the port switches to err-disable. That's absolutely correct, because of the different MAC from the FLUKE. Now I'd like to add the MAC of the FLUKE to every port for testing purposes. I didn't find a way to do this per switch so I used the "interface range" command. But I can enter the MAC only to one port. Trying to add it to another port results in an error stating: "Found duplicate mac-address ....".

Is there any chance to enter a switch-wide MAC-address to work with port-security?

Thanks for your help

marce1000 · ‎07-21-2022

>Is there any chance to enter a switch-wide MAC-address to work with port-security?

Definitely not

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Leo Laohoo · ‎07-21-2022

802.1x is the answer.

W-ALI · ‎07-21-2022

Hello @Leo Laohoo

Does 802.1X support port security or MAC devices?
I configured & Applied 802.1X VLAN assignment & Port-Based Authentication on Radius-NPS with domain users ,

does NPS support that by PCs MAC?

Leo Laohoo · ‎07-21-2022

There are so many things that can be achieved by Dot1X. I can, for instance,

Specify which VLAN a specific MAC address can go, regardless on what switch and what port.
Specify which VLANs an OUI can go, regardless on what switch and what port.
Specify which VLAN a specific username can go, regardless on what switch and what port.

W-ALI · ‎07-22-2022

@Leo Laohoo

thanks a lot Prof for this info