cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1019
Views
10
Helpful
5
Replies

MAC address control

anitachoi3
Level 1
Level 1

Dear expert,

I would like to enable port security to hardcode the MAC address on the ethernet switch. There are 5 ethernet ports in the same ethernet switch to be assigned for one person (one note book), e.g. port 5, 6, 15, 16 and 23. The model of ethernet switch is cisco 2960S and one MAC address is configured on 2960S.

1. Does 2960S support this requirement to allow input the same MAC address to 5 different port?

2. If yes, can ethernet switch "smart" enough to forward the packages to "active" ethernet port which is connected to notebook and the rest of four ports are inactive.

3. if no, any solution or any work around to achieve this requirement 

rdgs

Anita

2 Accepted Solutions

Accepted Solutions

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Anita,

>> 1. Does 2960S support this requirement to allow input the same MAC address to 5 different port?

No, the switch will not allow to associate the same secure MAC address to different ports at the same time.

3) DAI and IP source guard may provide some control combined with DHCP snooping.

Hope to help

Giuseppe


View solution in original post

Hello,

Also DAI can be used statically without dhcp snooping enabled

ip arp inspection filter-list vlan xx static TST

arp access-list TST

permit ip host x.x.x.x mac host 0000.0000.1111

permit ip host x.x.x.x mac host 0000.0000.1112

permit ip host x.x.x.x mac host 0000.0000.1113

etc..

res

Paul

Please don't forget to rate this post if it has been helpful.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

5 Replies 5

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Anita,

>> 1. Does 2960S support this requirement to allow input the same MAC address to 5 different port?

No, the switch will not allow to associate the same secure MAC address to different ports at the same time.

3) DAI and IP source guard may provide some control combined with DHCP snooping.

Hope to help

Giuseppe


Hello,

Also DAI can be used statically without dhcp snooping enabled

ip arp inspection filter-list vlan xx static TST

arp access-list TST

permit ip host x.x.x.x mac host 0000.0000.1111

permit ip host x.x.x.x mac host 0000.0000.1112

permit ip host x.x.x.x mac host 0000.0000.1113

etc..

res

Paul

Please don't forget to rate this post if it has been helpful.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hello Experts,

can we configure same mac address on different ports of cisco 3560 switch ?

For example,

SW1(config-if)# int g0/1

SW1(config-if)#switchport port-security

SW1(config-if)#switchport port-security maximum 2

SW1(config-if)# switchport port-security mac-address  000f.242e.bf80

SW1(config-if)# switchport port-security mac-address 235f.s3f1.fg55

SW1(config-if)# int g0/3

SW1(config-if)#switchport port-security

SW1(config-if)#switchport port-security maximum 2

SW1(config-if)# switchport port-security mac-address  000f.242e.bf80

SW1(config-if)# switchport port-security mac-address 7w23.567u.2dc4

Common mac address is "000f.242e.bf80"

KS

Hello Kuldeep,

No, that is not possible, as Giuseppe has already mentioned in this thread. A secure MAC address can not be simultaneously present at multiple ports at once.

Best regards,

Peter

Thanks Mr Peter..........

Review Cisco Networking for a $25 gift card