cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
624
Views
5
Helpful
6
Replies

Nexus 3172T How block port by MAC Address

inakiss
Level 1
Level 1

Hi,

I want to block access to the switch by MAC Address, but I don't known how to do it. In many forums appears command "switchport port-security", but my switch doesn't have this option. Does anyone know how to do it?

Switch info:

Hardware
cisco Nexus 3172T Chassis
Intel(R) Pentium(R) CPU @ 2.00GHz with 4029688 kB of memory.

Software
BIOS: version 5.3.1
NXOS: version 9.3(7)

 

Thanks,

I

 

1 Accepted Solution

Accepted Solutions

You use manaul mac to port secuirty 

Not sticky nor dynamic' why?

If you want port secuirty remove mac secure add 

Use dynamic with aging time 

View solution in original post

6 Replies 6

Use mac acl if port-secuirty is not support in this nsk platform.

Hi,

Do I need to make an ACL for each port?

What are the commands I have to use? I have seen in the manual to use "mac access-list", but I don't have this option in "mac", only "mac ipv6-extract".

Thanks,

I

feature port-security <<- this need 
port security support in N3K....TQ..
MAC ACL not support for your platform 
Screenshot (45).pngScreenshot (46).png

Hi,

You are right, I needed to enable "feature port-security".

Ok, so I configured a port with mac-address security:

switch# configure terminal
switch(config)#  interface Eth1/3
switch(config-if)# feature port-security
Please apply the same port-security config on the peer device also, if VPC is configured
switch(config-if)# switchport port-security mac-address xxxx.xxxx.xxxx
switch(config-if)# switchport port-security violation shutdown
switch(config-if)# exit
switch(config)#
switch#  show running-config port-security

!Command: show running-config port-security
!Running configuration last done at: Tue Feb  6 01:03:07 2001
!Time: Tue Feb  6 01:24:13 2001

version 9.3(7) Bios:version 5.3.1
feature port-security


interface Ethernet1/3
  switchport port-security mac-address xxxx.xxxx.xxxx


Now, when I connect other device in this port, switch blocked this port. How can I recover this port without reset port security mac?

Thanks,

I

 

 

 

You use manaul mac to port secuirty 

Not sticky nor dynamic' why?

If you want port secuirty remove mac secure add 

Use dynamic with aging time 

I prefer the manual, because it gives me more control over who has access.

I

Review Cisco Networking for a $25 gift card