Re: MAC address port security

Murray Bown · ‎03-29-2011

Hi all, having looked around this forum and not finding the answer i thought I'd post a question.

I have a WS-C2960-48TT-L, 12.2(25)SEE3 and I need to configure port security, specifically I need to configure the same set of computer MAC address' on every port on the switch so that they can plug into any port.

Ant help greatly appreciated.

skarthic · ‎03-29-2011

Please check if you are looking for this.

http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_25_see/configuration/guide/swtrafc.html#wp1038501

And do rate helpful posts.

Thanks.

Murray Bown · ‎03-29-2011

Thanks for the reply. I have followed that document but when i try to apply the command

"switchport port-security mac-address 0014.22f8.d44d"

I receive the following error

"Found duplicate mac-address 0014.22f8.d44d."

This is the config I am trying to use.

switchport mode access
switchport port-security maximum 2
switchport port-security
switchport port-security mac-address 0014.22f8.d44d

skarthic · ‎03-29-2011

Hi,

Looks like the port security doesnot allow you to configure the same MAC in multiple ports..

Instead try using MAC ACL

Switch(config)#mac access-list extended ?
WORD access-list name

Switch(config)#mac access-list extended MAC_ACL

Switch(config-ext-macl)#permit ?
H.H.H 48-bit source MAC address
any any source MAC address
host A single source host

Switch(config-ext-macl)#permit host 222.222.222 any ---------------> Use the MAC address for the permitted host

Switch(config)#int gigabitEthernet 1/0/1
Switch(config-if)#mac access-group MAC_ACL In

You can create an ACL to allow certain hosts and apply them in the L2 ports..

Regards.

Murray Bown · ‎03-29-2011

Hi,

I will give this a go today.

Thanks