MAC Address Filtering / Port Security

tweep9141983
Level 1

Hi Team,

This is my first time to write here actually, hope this will be a good start for me in this community.

Moving forward, I am using 5 Cisco SG500-28 with fw 1.4.7.6 (latest already).  My client wants to secure ports so that no one without IT permission can just plug in a laptop/computer to the office network, which I already did using Port Security and forcing lock down of ports using the classic option, meaning what has been registered will be locked and no other machines can connect anymore.

The problem I have now is when the users bring their laptops to the conference room.  I needed to unlock the ports before they can use it and then lock again once they are done.  I have an option to leave it unlocked, however sometimes the conference rooms are used by visitors as well.  So I can't leave the ports unlocked.  It's starting to become a pain, since users needed to request IT support whenever they need to use the conference room.

My question is, for Cisco SG500 switches is there a way for ports to follow the MAC address table instead of remembering MAC addresses per port?  I have tried researching online but haven't had any luck yet, but will still continue to do so as I know this is possible.  But if you guys have already done this on the same switch or if you have a better suggestion, pls pls let me know.

Thanks so much in advance.

Kind Regards,

James V

3 Replies

ahakels
Level 1

You can try adding multiple MAC addresses in the port security and then blocking all the others.

The command reference guide is as follows:

http://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/Sx500/cli_guide/CLI_500.pdf

and

http://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/Sx500/cli_guide/CLI_500.pdf#G6.1232096 

Hi Ahakels,

Actually everyone uses the conference room.  So meaning I have to add all 56 user laptop NIC MAC addresses to the port for the port security?

Actually it's just around 15-20 users who mostly bring their laptops, but still it's going to be 15-20 MAC addresses on all 4 conference room ports?

Is there a way to get the port to look into a static MAC address table to allow/deny access?

Thanks for your response mate, really appreciate it!

switchport port-security max 24

switchport port-security mac-address x.x.x.x.x

switchport port-security mac-address x.x.x.x.x

......

switchport port-security mac-address x.x.x.x.x

Or it is better and easy to use a server for authentication.
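The per-port allowlist suggested in the replies above, as an added example that is not part of the original thread: it cleans a laptop MAC inventory (mixed notations, duplicates, invalid entries), checks it against the limit of 24, and builds the same command lines for all four conference room ports. The port names and sample MACs are constructed, and the command text is copied from the reply as posted, not checked against the SG500 CLI guide.

```python
import re

# Constructed inventory: laptop MACs as they might be copied from different tools.
INVENTORY = [
    "00:1A:2B:3C:4D:5E",
    "001a.2b3c.4d5f",
    "00-1A-2B-3C-4D-5E",   # duplicate of the first entry in another notation
    "01:00:5E:00:00:01",   # multicast address, never a laptop NIC
    "00:1A:2B:3C:4D",      # truncated entry
]
# Hypothetical port names; use the switch's own interface identifiers.
CONFERENCE_PORTS = ["gi1/1/21", "gi1/1/22", "gi1/1/23", "gi1/1/24"]
MAX_PER_PORT = 24  # the limit used in the reply above

def normalize(mac):
    """Return the MAC as aa:bb:cc:dd:ee:ff, or raise ValueError."""
    digits = re.sub(r"[.:\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    if int(digits[:2], 16) & 1:  # group bit set: multicast or broadcast
        raise ValueError(f"multicast/broadcast address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def build_allowlist(entries, limit=MAX_PER_PORT):
    """Normalize and de-duplicate entries; return (allowed, rejected)."""
    allowed, rejected = [], []
    for entry in entries:
        try:
            mac = normalize(entry)
        except ValueError as err:
            rejected.append(str(err))
            continue
        if mac not in allowed:
            allowed.append(mac)
    if len(allowed) > limit:
        raise ValueError(f"{len(allowed)} MACs exceed the per-port limit of {limit}")
    return allowed, rejected

def render(ports, allowed, limit=MAX_PER_PORT):
    """Map each port to the command lines from the reply (same list per port)."""
    cmds = [f"switchport port-security max {limit}"]
    cmds += [f"switchport port-security mac-address {m}" for m in allowed]
    return {port: list(cmds) for port in ports}

if __name__ == "__main__":
    macs, bad = build_allowlist(INVENTORY)
    for port, cmds in render(CONFERENCE_PORTS, macs).items():
        print(port, *cmds, sep="\n  ")
```

Rejected entries are returned rather than silently dropped, so a mistyped address in the inventory shows up before a user is locked out of a conference room port.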
