02-26-2017 11:04 PM - edited 03-08-2019 09:30 AM
Hi Team,
This is my first time writing here, so I hope this will be a good start for me in this community.
Moving forward, I am using 5 Cisco SG500-28 with fw 1.4.7.6 (latest already). My client wants to secure ports so that no one without IT permission can just plug in a laptop/computer to the office network, which I already did using Port Security and forcing lock down of ports using the classic option, meaning what has been registered will be locked and no other machines can connect anymore.
The problem I have now is when the users bring their laptops to the conference room. I needed to unlock the ports before they can use it and then lock again once they are done. I have an option to leave it unlocked, however sometimes the conference rooms are used by visitors as well. So I can't leave the ports unlocked. It's starting to become a pain, since users needed to request IT support whenever they need to use the conference room.
My question is, for Cisco SG500 switches, is there a way for ports to follow the MAC address table instead of remembering MAC addresses per port? I have tried researching online but haven't had any luck yet, but I will still continue to do so as I know this is possible. But if you guys have already done this on the same switch or if you have a better suggestion, pls pls let me know.
Thanks so much in advance.
Kind Regards,
James V
02-26-2017 11:46 PM
You can try adding multiple MAC addresses in the port security and then blocking all the other.
The command reference guide is as follows:
http://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/Sx500/cli_guide/CLI_500.pdf
and
http://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/Sx500/cli_guide/CLI_500.pdf#G6.1232096
02-26-2017 11:53 PM
Hi Ahakels,
Actually everyone uses the conference room. So meaning I have to add all 56 user laptop NIC MAC addresses to the port for the port security?
Actually it's just around 15-20 users who mostly bring their laptops, but still it's going to be 15-20 MAC addresses on all 4 conference room ports?
Is there a way to get the port to look into a static MAC address table to allow/deny access?
Thanks for your response mate, really appreciate it!
02-27-2017 12:10 AM
switchport port-security max 24
switchport port-security mac-address x.x.x.x.x
switchport port-security mac-address x.x.x.x.x
......
switchport port-security mac-address x.x.x.x.x
Or it is better and easier to use a server for authentication.
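Added example, not part of the thread and not Cisco's code: a small Python helper that takes the laptop MAC list once, normalizes and de-duplicates it, checks it against the 24-address limit from the reply above, and emits the same allowlist for each conference room port. The command forms are copied from the reply as posted and have not been checked against the SG500 CLI guide; the port names, the colon-separated MAC format and the sample addresses are constructed placeholders.

```python
import re

MAX_PER_PORT = 24  # limit used in the reply above


def normalize_mac(raw):
    """Return the MAC as lowercase aa:bb:cc:dd:ee:ff or raise ValueError."""
    digits = re.sub(r"[.:\-\s]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    # A NIC's own address never has the group (multicast) bit set.
    if int(digits[:2], 16) & 1:
        raise ValueError(f"group/multicast address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def build_allowlist(raw_macs, limit=MAX_PER_PORT):
    """Normalize, de-duplicate (order kept) and enforce the per-port limit."""
    allow = []
    for raw in raw_macs:
        mac = normalize_mac(raw)
        if mac not in allow:
            allow.append(mac)
    if len(allow) > limit:
        raise ValueError(f"{len(allow)} addresses exceed the limit of {limit}")
    return allow


def render(ports, macs, limit=MAX_PER_PORT):
    """Map each port name to the command lines to enter under that port."""
    block = [f"switchport port-security max {limit}"]
    block += [f"switchport port-security mac-address {m}" for m in macs]
    return {port: list(block) for port in ports}


# Constructed sample data: the same laptop listed twice in different notations.
SAMPLE_MACS = ["00-11-22-AA-BB-01", "0011.22aa.bb02", "00:11:22:aa:bb:01"]
SAMPLE_PORTS = ["CONF-ROOM-PORT-1", "CONF-ROOM-PORT-2"]  # placeholder names

if __name__ == "__main__":
    for port, lines in render(SAMPLE_PORTS, build_allowlist(SAMPLE_MACS)).items():
        print(f"[{port}]")
        print("\n".join(lines))
```
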