10-02-2012 05:54 AM - edited 03-07-2019 09:13 AM
I am seeking a way to monitor a port to know when more than 3 MAC addresses have been attached to the port. Port security does not seem to offer a solution because the port is shut down. I also looked into using an ACL but that does not seem to offer a solution either. If you know of a way, will you please share it with me?
Thank you in advance for your help.
10-02-2012 05:57 AM
Hi,
if you use restrict as the violation mode you'll get a log message about the 4th MAC address and the frame will simply get dropped, but the port won't be shut down.
int f0/1
switchport port-security max 3
switchport port-security violation restrict
switchport port-security
Regards.
Alain
Don't forget to rate helpful posts.
10-02-2012 07:34 AM
Thank you for your reply.
I made a mistake and did not mention that we cannot shut down anything. So in our example, after the fourth MAC address is received, the fourth MAC would not be able to access the network. This will not work for us. I need to know that MAC address and use some type of system to alert me, preferably email.
Thank you again for your help.
10-02-2012 10:19 AM
Hi,
maybe this could help if available on your switch platform/image : http://www.cisco.com/en/US/docs/ios/lanswitch/command/reference/lsw_m1.html#wp1142567
Regards.
Alain
Don't forget to rate helpful posts.
10-02-2012 10:29 AM
Hello John,
The action restrict will not shut down the port, but as you said it will drop the offending packets (the ones coming from an invalid MAC address).
Port-security is not what you are looking for. You are looking for a monitoring tool able to detect the MAC addresses on each port. So use syslog or NetFlow.
Regards,
Julio
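Both answers above point the same way: the switch itself either drops the fourth MAC (violation restrict) or has to be watched from outside. The following Python script is an added example, not code from this thread or from Cisco. It takes the text of `show mac address-table dynamic`, counts MAC addresses per port and flags ports above a threshold (nothing is blocked, which is what the original poster asked for), and it also parses the `%PORT_SECURITY-2-PSECURE_VIOLATION` syslog line a switch logs in restrict mode with Alain's configuration, then assembles an e-mail alert. The switch output, syslog lines, MAC addresses, port names and mail addresses are all constructed for the example; how the output is collected (SSH, SNMP, a syslog receiver) and the SMTP relay in `send_alert` are assumptions. Note that dynamic MAC entries age out (300 seconds by default on Catalyst switches), so the table has to be polled more often than the aging time or a host that went quiet will be missed.

```python
"""Count MAC addresses per switch port and build an e-mail alert when a
port exceeds a threshold.  Added example; every sample below is constructed."""
from __future__ import annotations

import re
import smtplib
from collections import defaultdict
from email.message import EmailMessage

MAC_THRESHOLD = 3  # alert when a port has more than this many MACs (assumed value)

# Constructed sample of "show mac address-table dynamic" from an IOS switch.
MAC_TABLE_SAMPLE = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Fa0/1
  10    0011.2233.4456    DYNAMIC     Fa0/1
  10    0011.2233.4457    DYNAMIC     Fa0/1
  10    0011.2233.4458    DYNAMIC     Fa0/1
  20    0011.2233.5566    DYNAMIC     Fa0/2
  20    0011.2233.5567    DYNAMIC     Fa0/3
Total Mac Addresses for this criterion: 6
"""

# Constructed syslog lines: the first is what a switch logs for the 4th MAC
# when "switchport port-security violation restrict" is configured.
SYSLOG_SAMPLE = """\
Oct  2 10:19:01.123: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4458 on port FastEthernet0/1.
Oct  2 10:19:05.456: %SYS-5-CONFIG_I: Configured from console by admin on vty0
"""

CISCO_MAC = r"(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}"  # dotted-quad style, e.g. 0011.2233.4455

MAC_TABLE_RE = re.compile(
    r"^\s*(?P<vlan>\d+)\s+(?P<mac>" + CISCO_MAC + r")\s+DYNAMIC\s+(?P<port>\S+)",
    re.IGNORECASE | re.MULTILINE,
)
VIOLATION_RE = re.compile(
    r"%PORT_SECURITY-2-PSECURE_VIOLATION:.*?caused by MAC address "
    r"(?P<mac>" + CISCO_MAC + r") on port (?P<port>\S+?)\.?$",
    re.IGNORECASE | re.MULTILINE,
)

_IFACE_ABBREV = {"TenGigabitEthernet": "Te", "GigabitEthernet": "Gi", "FastEthernet": "Fa"}


def short_ifname(name: str) -> str:
    """Normalise 'FastEthernet0/1' (syslog form) to 'Fa0/1' (MAC-table form)."""
    for long, short in _IFACE_ABBREV.items():
        if name.startswith(long):
            return short + name[len(long):]
    return name


def macs_per_port(mac_table: str) -> dict[str, set[str]]:
    """Map each port to the set of dynamic MACs currently learned on it."""
    ports: dict[str, set[str]] = defaultdict(set)
    for m in MAC_TABLE_RE.finditer(mac_table):
        ports[m["port"]].add(m["mac"].lower())  # a set: same MAC in two VLANs counts once
    return dict(ports)


def ports_over_threshold(mac_table: str, threshold: int = MAC_THRESHOLD) -> dict[str, set[str]]:
    """Ports carrying more than `threshold` distinct MAC addresses."""
    return {p: macs for p, macs in macs_per_port(mac_table).items() if len(macs) > threshold}


def violations_from_syslog(log: str) -> list[tuple[str, str]]:
    """(port, mac) pairs from port-security violation messages, ports normalised."""
    return [(short_ifname(m["port"]), m["mac"].lower()) for m in VIOLATION_RE.finditer(log)]


def build_alert(over: dict[str, set[str]], violations: list[tuple[str, str]],
                sender: str, recipient: str) -> EmailMessage:
    """Assemble (but do not send) the alert e-mail."""
    msg = EmailMessage()
    msg["Subject"] = "MAC threshold exceeded on " + ", ".join(sorted(over)) if over else "Port-security violation"
    msg["From"], msg["To"] = sender, recipient
    lines = [f"{port}: {len(macs)} MACs: {', '.join(sorted(macs))}" for port, macs in sorted(over.items())]
    lines += [f"violation on {port} by {mac}" for port, mac in violations]
    msg.set_content("\n".join(lines) or "nothing to report")
    return msg


def send_alert(msg: EmailMessage, smtp_host: str) -> None:
    """Hand the message to an SMTP relay (assumed to accept unauthenticated mail)."""
    with smtplib.SMTP(smtp_host) as smtp:
        smtp.send_message(msg)


if __name__ == "__main__":
    over = ports_over_threshold(MAC_TABLE_SAMPLE)
    viol = violations_from_syslog(SYSLOG_SAMPLE)
    alert = build_alert(over, viol, "switch-monitor@example.invalid", "netops@example.invalid")
    print(alert)  # send_alert(alert, "smtp.example.invalid") would deliver it
```

In practice the MAC table text would come from a scheduled SSH session (or the dot1dTpFdb/BRIDGE-MIB tables over SNMP) and the syslog lines from a receiver the switch is pointed at with `logging host`; the parsing and the alert decision stay the same.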