Port Access Control

jdleon
Level 1

Is there a way to limit a user's access on the network by programming a port on a Cisco switch to shut down at a certain time and enable at a certain time?


Latchum Naidu
VIP Alumni

Hi,

You can control the access on a certain switch port by using the Cisco switch port security mechanism.

But the port will shut down at a certain time but will not turn on.

Configure port security

Configuring the Port Security feature is relatively easy. In its simplest form, port security requires going to an already enabled switch port and entering the port-security Interface Mode command. Here's an example:

Switch# config t
Switch(config)# int fa0/18
Switch(config-if)# switchport port-security ?
  aging           Port-security aging commands
  mac-address     Secure mac address
  maximum         Max secure addresses
  violation       Security violation mode

Switch(config-if)# switchport port-security
Switch(config-if)#^Z

By entering the most basic command to configure port security, we accepted the default settings of only allowing one MAC address, determining that MAC address from the first device that communicates on this switch port, and shutting down that switch port if another MAC address attempts to communicate via the port. But you don't have to accept the defaults.

Know your options

As you can see in the example, there are a number of other port security commands that you can configure. Here are some of your options:

  • switchport port-security maximum {max # of MAC addresses allowed}: You can use this option to allow more than the default number of MAC addresses, which is one. For example, if you had a 12-port hub connected to this switch port, you would want to allow 12 MAC addresses—one for each device. The maximum number of secure MAC addresses per port is 132.
  • switchport port-security violation {shutdown | restrict | protect}: This command tells the switch what to do when the number of MAC addresses on the port has exceeded the maximum. The default is to shut down the port. However, you can also choose to alert the network administrator (i.e., restrict) or only allow traffic from the secure port and drop packets from other MAC addresses (i.e., protect).
  • switchport port-security mac-address {MAC address}: You can use this option to manually define the MAC address allowed for this port rather than letting the port dynamically determine the MAC address.

Of course, you can also configure port security on a range of ports. Here's an example:

Switch# config t
Switch(config)# int range fastEthernet 0/1 - 24
Switch(config-if-range)# switchport port-security

However, you need to be very careful with this option if you enter this command on an uplink port that goes to more than one device. As soon as the second device sends a packet, the entire port will shut down.

Hope this will help you.

Please rate the helpful posts.

Regards,

Naidu.
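
An added example, not part of the original post or of any Cisco tooling: a Python check that reads a running-config excerpt, applies the defaults the post above describes (one MAC address, shutdown on violation), and flags both unprotected ports and the uplink case the post warns about. The sample config is constructed, and treating `switchport mode trunk` as the marker of an uplink is an assumption.

```python
import re

# Constructed running-config excerpt (sample data, not from a real switch).
SAMPLE_CONFIG = """\
interface FastEthernet0/18
 switchport port-security
!
interface FastEthernet0/2
 switchport port-security
 switchport port-security maximum 12
 switchport port-security violation restrict
!
interface FastEthernet0/3
 switchport mode access
!
interface FastEthernet0/24
 switchport mode trunk
 switchport port-security
"""
OPTION = re.compile(r"switchport port-security (maximum \d+|violation (?:shutdown|restrict|protect))")

def audit_port_security(config_text):
    """Map each interface to its effective settings, starting from the post's defaults."""
    ports, cur = {}, None
    for raw in config_text.splitlines():
        if raw.startswith("interface "):
            cur = ports.setdefault(raw.split(None, 1)[1].strip(), {
                "enabled": False, "maximum": 1, "violation": "shutdown", "trunk": False})
        elif not raw.startswith(" "):
            cur = None  # "!" or a global command closes the interface block
        elif cur is not None:
            line = raw.strip()
            if line == "switchport mode trunk":
                cur["trunk"] = True  # assumption: trunk mode marks an uplink
            elif line == "switchport port-security":
                cur["enabled"] = True
            elif m := OPTION.fullmatch(line):
                key, value = m.group(1).split()
                cur[key] = int(value) if key == "maximum" else value
    return ports

def findings(ports):
    """Flag ports with no port security and the uplink case the post warns about."""
    out = []
    for name, p in ports.items():
        if not p["enabled"] and not p["trunk"]:
            out.append((name, "no port security"))
        elif p["enabled"] and p["trunk"] and p["maximum"] == 1:
            out.append((name, "maximum 1 on uplink"))
    return out
```
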

Ganesh Hariharan
VIP Alumni

Hi,

As suggested, port security is the mechanism where you can restrict the port being in the on and shut state based on the MAC entries you have asked on that port.

Check out the below link

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.1E/native/configuration/guide/port_sec.html

Hope to Help !!

Ganesh.H
