How to tell if there is more than one device on a switch port

ece344609_2
Level 1

Hi all,

Is there an easy way to tell if there is more than one device on a switch port?

What I am trying to do is set port-security on every port of a switch for a maximum of one device. This will obviously shut down any port with more than one device on it. So is there any way to tell how many devices are on a port, so I can set the maximum accordingly?

Thanks,

-SA.

7 Replies

royalblues
Level 10

You can check for the number of MAC addresses being learnt at each port using the CLI command "sh mac-address-table dynamic".

I know this could be frustrating, but in general all but trunk ports of the switch can be configured for port security with a max of one mac-address.

If you have an IPT deployment with desktops hooking off the phones, then you may have to configure the port for a maximum of 2 mac-addresses.

HTH

Narayan

Nagaraja Thanthry
Cisco Employee

Hello,

If you issue "show mac address-table dynamic interface " you will see all registered MAC addresses on that port. That would be a good starting point.

Hope this helps.

Regards,

NT

Leo Laohoo
Hall of Fame

Shut down the port and wait for the phone to ring.  He he he ...

One option is to enable port security and set maximum MAC address.  This is because some servers don't advertise their MAC address. 

How could they not 'advertise' their MAC address?

If they're going to send any type of packet on a switched network then of course they're going to need to have their MAC address known. Whether or not they spoof a MAC is another question, but either way you look at it, it will still be well-known information (at least from a switch's perspective).

NIC Teaming.  The primary NIC will advertise but the secondary NIC will go "silent".

Fair point, although one could debate whether they'd be hanging off the same switch port (unless there were a switch or hub downstream from the switch you're looking at of course).

Thus my initial post of "disable the ports". If you use the command "sh mac- int " and your output, say, is 10 MAC addresses but in fact you have more "silent" MACs, you won't know. But I've done this several times and I got the answer faster than trawling.
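
As an added example (not part of any post in this thread), the per-port count the replies describe can be scripted: this Python sketch tallies distinct dynamic MAC addresses per port from "show mac address-table dynamic" output and lists the ports that would exceed a given port-security maximum. The sample output, port names and function names are constructed for illustration, and the table layout is assumed to be the usual Catalyst IOS one.

```python
import re
from collections import defaultdict

# Constructed sample of `show mac address-table dynamic` output (not from the thread).
SAMPLE_OUTPUT = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4401    DYNAMIC     Gi1/0/1
  10    0011.2233.4402    DYNAMIC     Gi1/0/2
  20    0011.2233.4403    DYNAMIC     Gi1/0/2
  10    0011.2233.4404    DYNAMIC     Gi1/0/3
  10    0011.2233.4405    DYNAMIC     Gi1/0/3
  10    0011.2233.4406    DYNAMIC     Gi1/0/3
  10    0011.2233.4408    DYNAMIC     Gi1/0/24
  10    0011.2233.4409    DYNAMIC     Gi1/0/24
Total Mac Addresses for this criterion: 8
"""

# One table row: VLAN id, dotted-hex MAC, type DYNAMIC, port name.
ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+DYNAMIC\s+(\S+)\s*$",
    re.IGNORECASE,
)

def macs_per_port(output, trunk_ports=()):
    """Map each non-trunk port to the set of distinct MACs learnt on it."""
    ports = defaultdict(set)
    for line in output.splitlines():
        match = ROW.match(line)
        if not match:
            continue  # banner, header, separator or total line
        _vlan, mac, port = match.groups()
        if port in trunk_ports:
            continue  # trunks are expected to carry many MACs
        ports[port].add(mac.lower())
    return dict(ports)

def ports_over_limit(ports, limit=1):
    """Ports whose learnt MAC count would trip a port-security maximum."""
    return {p: len(m) for p, m in sorted(ports.items()) if len(m) > limit}

if __name__ == "__main__":
    learnt = macs_per_port(SAMPLE_OUTPUT, trunk_ports={"Gi1/0/24"})
    for port, macs in sorted(learnt.items()):
        print(f"{port}: {len(macs)} MAC(s) {sorted(macs)}")
    print("Would exceed maximum 1:", ports_over_limit(learnt, 1))
    print("Would exceed maximum 2:", ports_over_limit(learnt, 2))
```

The counts are a lower bound: a device that has not sent traffic recently, such as the silent secondary NIC mentioned above, does not appear in the dynamic table.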
