Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
599
Views
5
Helpful
6
Replies

Nexus 3172T How block port by MAC Address

Go to solution
inakiss
Level 1
Level 1

‎07-03-2023 03:41 AM

Hi,

I want to block access to the switch by MAC Address, but I don't known how to do it. In many forums appears command "switchport port-security", but my switch doesn't have this option. Does anyone know how to do it?

Switch info:

Hardware
cisco Nexus 3172T Chassis
Intel(R) Pentium(R) CPU @ 2.00GHz with 4029688 kB of memory.

Software
BIOS: version 5.3.1
NXOS: version 9.3(7)

 

Thanks,

I

 

Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
MHM Cisco World
VIP
VIP
In response to inakiss

‎07-05-2023 02:47 AM - edited ‎07-05-2023 02:54 AM

You use manaul mac to port secuirty 

Not sticky nor dynamic' why?

If you want port secuirty remove mac secure add 

Use dynamic with aging time 

View solution in original post

6 Replies 6

Go to solution
MHM Cisco World
VIP
VIP

‎07-03-2023 03:46 AM

Use mac acl if port-secuirty is not support in this nsk platform.

0 Helpful

Go to solution
inakiss
Level 1
Level 1
In response to MHM Cisco World

‎07-03-2023 04:03 AM

Hi,

Do I need to make an ACL for each port?

What are the commands I have to use? I have seen in the manual to use "mac access-list", but I don't have this option in "mac", only "mac ipv6-extract".

Thanks,

I

Go to solution
MHM Cisco World
VIP
VIP
In response to inakiss

‎07-03-2023 06:30 AM

feature port-security <<- this need 
port security support in N3K....TQ..
MAC ACL not support for your platform 
Screenshot (45).pngScreenshot (46).png

Go to solution
inakiss
Level 1
Level 1
In response to MHM Cisco World

‎07-05-2023 02:40 AM

Hi,

You are right, I needed to enable "feature port-security".

Ok, so I configured a port with mac-address security:

switch# configure terminal
switch(config)#  interface Eth1/3
switch(config-if)# feature port-security
Please apply the same port-security config on the peer device also, if VPC is configured
switch(config-if)# switchport port-security mac-address xxxx.xxxx.xxxx
switch(config-if)# switchport port-security violation shutdown
switch(config-if)# exit
switch(config)#
switch#  show running-config port-security

!Command: show running-config port-security
!Running configuration last done at: Tue Feb  6 01:03:07 2001
!Time: Tue Feb  6 01:24:13 2001

version 9.3(7) Bios:version 5.3.1
feature port-security


interface Ethernet1/3
  switchport port-security mac-address xxxx.xxxx.xxxx

Now, when I connect other device in this port, switch blocked this port. How can I recover this port without reset port security mac?

Thanks,

I

 

 

 

Go to solution
MHM Cisco World
VIP
VIP
In response to inakiss

‎07-05-2023 02:47 AM - edited ‎07-05-2023 02:54 AM

You use manaul mac to port secuirty 

Not sticky nor dynamic' why?

If you want port secuirty remove mac secure add 

Use dynamic with aging time 

Go to solution
inakiss
Level 1
Level 1
In response to MHM Cisco World

‎07-05-2023 02:52 AM

I prefer the manual, because it gives me more control over who has access.

I

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card