02-21-2013 01:12 AM - edited 03-07-2019 11:50 AM
Dear expert,
I would like to enable port security to hardcode the MAC address on the ethernet switch. There are 5 ethernet ports in the same ethernet switch to be assigned for one person (one note book), e.g. port 5, 6, 15, 16 and 23. The model of ethernet switch is cisco 2960S and one MAC address is configured on 2960S.
1. Does 2960S support this requirement to allow input the same MAC address to 5 different port?
2. If yes, can ethernet switch "smart" enough to forward the packages to "active" ethernet port which is connected to notebook and the rest of four ports are inactive.
3. if no, any solution or any work around to achieve this requirement
rdgs
Anita
Solved! Go to Solution.
02-21-2013 01:23 AM
Hello Anita,
>> 1. Does 2960S support this requirement to allow input the same MAC address to 5 different port?
No, the switch will not allow to associate the same secure MAC address to different ports at the same time.
3) DAI and IP source guard may provide some control combined with DHCP snooping.
Hope to help
Giuseppe
02-21-2013 02:29 AM
Hello,
Also DAI can be used statically without dhcp snooping enabled
ip arp inspection filter-list vlan xx static TST
arp access-list TST
permit ip host x.x.x.x mac host 0000.0000.1111
permit ip host x.x.x.x mac host 0000.0000.1112
permit ip host x.x.x.x mac host 0000.0000.1113
etc..
res
Paul
Please don't forget to rate this post if it has been helpful.
02-21-2013 01:23 AM
Hello Anita,
>> 1. Does 2960S support this requirement to allow input the same MAC address to 5 different port?
No, the switch will not allow to associate the same secure MAC address to different ports at the same time.
3) DAI and IP source guard may provide some control combined with DHCP snooping.
Hope to help
Giuseppe
02-21-2013 02:29 AM
Hello,
Also DAI can be used statically without dhcp snooping enabled
ip arp inspection filter-list vlan xx static TST
arp access-list TST
permit ip host x.x.x.x mac host 0000.0000.1111
permit ip host x.x.x.x mac host 0000.0000.1112
permit ip host x.x.x.x mac host 0000.0000.1113
etc..
res
Paul
Please don't forget to rate this post if it has been helpful.
03-09-2013 01:16 AM
Hello Experts,
can we configure same mac address on different ports of cisco 3560 switch ?
For example,
SW1(config-if)# int g0/1
SW1(config-if)#switchport port-security
SW1(config-if)#switchport port-security maximum 2
SW1(config-if)# switchport port-security mac-address 000f.242e.bf80
SW1(config-if)# switchport port-security mac-address 235f.s3f1.fg55
SW1(config-if)# int g0/3
SW1(config-if)#switchport port-security
SW1(config-if)#switchport port-security maximum 2
SW1(config-if)# switchport port-security mac-address 000f.242e.bf80
SW1(config-if)# switchport port-security mac-address 7w23.567u.2dc4
Common mac address is "000f.242e.bf80"
KS
03-09-2013 02:06 AM
Hello Kuldeep,
No, that is not possible, as Giuseppe has already mentioned in this thread. A secure MAC address can not be simultaneously present at multiple ports at once.
Best regards,
Peter
03-09-2013 02:23 AM
Thanks Mr Peter..........
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide