Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
933
Views
10
Helpful
3
Replies

Port security - MAC Pool -per vlan MAC pools

Go to solution
Izac ICT
Level 1
Level 1

‎01-21-2019 06:08 AM - edited ‎03-08-2019 05:05 PM

Dear All,

 

We would like to create pool of mac addresses of all our devices and assign them to the all ports and add new ones in the future. Let's say we have 100 devices, only these clients can connect and move around to different ports but if an unregistered device connects, it will not have access. Is it possible to create a mac address table/pool and assign to all ports and update when necessary? Or some other way? MAC ACL? Would it be possible to assign in Vlan level?

 

Could you please share example configs?

 

Thank you very much in advance.

Izac

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mark Malone
VIP Alumni
VIP Alumni

‎01-21-2019 06:19 AM

Hi
thats really what ISE and ACS are used for and would be the best tool
just using the switch to do it maybe mac address sticky and set the maximum on it to whatever you need , its alot of overhead to manage though in cli , while ISE would do it by policy and pools etc


interface FastEthernet0/9
switchport access vlan 164
switchport mode access
switchport port-security maximum 8
switchport port-security mac-address sticky
switchport port-security mac-address 1234.5678.9012 vlan access
switchport port-security mac-address 1234.5678.9019 vlan access
srr-queue bandwidth share 1 30 35 5
priority-queue out
mls qos trust dscp
auto qos trust dscp
spanning-tree portfast
ip dhcp snooping limit rate 7

View solution in original post

3 Replies 3

Go to solution
Mark Malone
VIP Alumni
VIP Alumni

‎01-21-2019 06:19 AM

Hi
thats really what ISE and ACS are used for and would be the best tool
just using the switch to do it maybe mac address sticky and set the maximum on it to whatever you need , its alot of overhead to manage though in cli , while ISE would do it by policy and pools etc


interface FastEthernet0/9
switchport access vlan 164
switchport mode access
switchport port-security maximum 8
switchport port-security mac-address sticky
switchport port-security mac-address 1234.5678.9012 vlan access
switchport port-security mac-address 1234.5678.9019 vlan access
srr-queue bandwidth share 1 30 35 5
priority-queue out
mls qos trust dscp
auto qos trust dscp
spanning-tree portfast
ip dhcp snooping limit rate 7

Go to solution
Izac ICT
Level 1
Level 1
In response to Mark Malone

‎01-22-2019 01:11 AM - edited ‎01-22-2019 01:23 AM

Hello @Mark Malone

Thank you for the answer. How can I create a main list of mac addresses and assign them to all ports and update when necessary?

What I want is to create port security but registered devices can move around and connect to different ports.

 

Cheers,

Izac

0 Helpful

Go to solution
Mark Malone
VIP Alumni
VIP Alumni
In response to Izac ICT

‎01-22-2019 01:17 AM

MAC access list maybe , that's the only other option i know , if your switch supports it

Theres an example in this
http://aconaway.com/2008/10/27/using-mac-access-lists/
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card