cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

897
Views
0
Helpful
4
Replies
Highlighted

MAC Address Port Monitoring

I am seeking a way to monitor a port to know when more than 3 MAC addresses have been attached to the port.  Port security does not seem to offer a solution because the port is shut down.  I also looked into using an  ACL but that does not seem to over a solution either.  If you know of way will you please share it with me?

Thank you in advance for your help.

Everyone's tags (3)
4 REPLIES 4
Advisor

MAC Address Port Monitoring

Hi,

if you use restrict as violation mode you'll get a log message about the 4th MAC address and the frame will simply get dropped but the port won't be shutdown.

int f0/1

switchport port-security max 3

switchport port-security violation restrict

switchport port-security

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

MAC Address Port Monitoring

Thank you for your reply.

I made a mistake and did not mention that we cannot shut down anything.  So in our example after the fourth mac address is received the fouth mac would not be able to access the network.  This will not work for us.  I need to know that that mac address and use some type of system to alert me.  Preferably email.

Thank you again for your help.

Advisor

MAC Address Port Monitoring

Hi,

maybe this could help if available on your switch platform/image : http://www.cisco.com/en/US/docs/ios/lanswitch/command/reference/lsw_m1.html#wp1142567

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

MAC Address Port Monitoring

Hello John,

The action restrict will not shut down the port but as you said it will drop the offending packets ( the one comming from an invalid MAC add).

Port-security is not what you are looking for....You are looking for a monitor tool being able to detect the MAC addresses on each port. So use syslog or Netflow

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards