Solved: MAC address control

anitachoi3 · ‎02-21-2013

Dear expert,

I would like to enable port security to hardcode the MAC address on the ethernet switch. There are 5 ethernet ports in the same ethernet switch to be assigned for one person (one note book), e.g. port 5, 6, 15, 16 and 23. The model of ethernet switch is cisco 2960S and one MAC address is configured on 2960S.

1. Does 2960S support this requirement to allow input the same MAC address to 5 different port?

2. If yes, can ethernet switch "smart" enough to forward the packages to "active" ethernet port which is connected to notebook and the rest of four ports are inactive.

3. if no, any solution or any work around to achieve this requirement

rdgs

Anita

Giuseppe Larosa · ‎02-21-2013

Hello Anita,

>> 1. Does 2960S support this requirement to allow input the same MAC address to 5 different port?

No, the switch will not allow to associate the same secure MAC address to different ports at the same time.

3) DAI and IP source guard may provide some control combined with DHCP snooping.

Hope to help

Giuseppe

View solution in original post

paul driver · ‎02-21-2013

Hello,

Also DAI can be used statically without dhcp snooping enabled

ip arp inspection filter-list vlan xx static TST

arp access-list TST

permit ip host x.x.x.x mac host 0000.0000.1111

permit ip host x.x.x.x mac host 0000.0000.1112

permit ip host x.x.x.x mac host 0000.0000.1113

etc..

res

Paul

Please don't forget to rate this post if it has been helpful.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

Giuseppe Larosa · ‎02-21-2013

Hello Anita,

>> 1. Does 2960S support this requirement to allow input the same MAC address to 5 different port?

No, the switch will not allow to associate the same secure MAC address to different ports at the same time.

3) DAI and IP source guard may provide some control combined with DHCP snooping.

Hope to help

Giuseppe

paul driver · ‎02-21-2013

Hello,

Also DAI can be used statically without dhcp snooping enabled

ip arp inspection filter-list vlan xx static TST

arp access-list TST

permit ip host x.x.x.x mac host 0000.0000.1111

permit ip host x.x.x.x mac host 0000.0000.1112

permit ip host x.x.x.x mac host 0000.0000.1113

etc..

res

Paul

Please don't forget to rate this post if it has been helpful.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Kuldeep singh · ‎03-09-2013

Hello Experts,

can we configure same mac address on different ports of cisco 3560 switch ?

For example,

SW1(config-if)# int g0/1

SW1(config-if)#switchport port-security

SW1(config-if)#switchport port-security maximum 2

SW1(config-if)# switchport port-security mac-address 000f.242e.bf80

SW1(config-if)# switchport port-security mac-address 235f.s3f1.fg55

SW1(config-if)# int g0/3

SW1(config-if)#switchport port-security

SW1(config-if)#switchport port-security maximum 2

SW1(config-if)# switchport port-security mac-address 000f.242e.bf80

SW1(config-if)# switchport port-security mac-address 7w23.567u.2dc4

Common mac address is "000f.242e.bf80"

KS

Peter Paluch · ‎03-09-2013

Hello Kuldeep,

No, that is not possible, as Giuseppe has already mentioned in this thread. A secure MAC address can not be simultaneously present at multiple ports at once.

Best regards,

Peter

Kuldeep singh · ‎03-09-2013

Thanks Mr Peter..........