10-13-2014 06:16 PM - edited 03-07-2019 09:05 PM
Hello guys, this is so far for me to configure port security, but I have never done a requirement like the one below, so if any of you has experience, please share it with me. I want to configure port security that allows my clients' 100 computers to access my LAN, so that if a client takes his own laptop and plugs it into my switch, that port is shut down. This requirement seems simple, right? But I have a special exception: I want all my client PCs (which are allowed to access the LAN) to be able to plug into any switch (meaning I have 5 switches, and PC1 connects to SW1, but if I take PC1 and plug it into SW2 it still works without the port shutting down) and still have connectivity. Please help me. Thanks
10-13-2014 09:50 PM
Sorry to say, it is not clear what you are trying to achieve here.
Anyway, here is what you can do with Port-Security:
1- On a single port you can configure port-security to allow a maximum number of PCs to be connected, and to some extent you can also configure the MAC address to be blocked down on the port exclusively.
HTH
10-13-2014 11:56 PM
Dear Insharie,
Sorry for the inconvenience of my unclear question. Let me describe it to you again.
Assume I have 5 switches (SW1, SW2, SW3, SW4, and SW5), and client1's PC normally connects to SW1, but one day his computer is moved and connected to SW3, so if we configure port security, the port is shut down because of our restriction. The goal of what I am going to do is that all computers (100 computers) can plug into any switch without being shut down or restricted.
10-13-2014 10:24 PM
Hi pdara0001,
Good Day!
Are you trying to say that your client has 2 endpoint devices (1 company provided computer and 1 personal laptop)?
Do you mean that when your client connects to the switch using his/her own personal laptop, the port should shut down the connection? Because if that is the case, I believe it is much better to configure 802.1x authentication rather than the port security mechanism, because if you use port security, it uses the MAC address of the endpoints to determine whether the endpoint is allowed or not. This means that you will need to know the 100 computers' MAC addresses to implement it.
On the other hand, for this 802.1x security you can use Cisco ACS or Cisco ISE and then integrate it with your Active Directory (AD) so that ACS or ISE will query the AD for the user credentials, which means that the company computers must be joined to the company's domain.
After integrating the ACS or ISE with the AD, you should configure the switches to support 802.1x.
Thank you and have a nice day!
Cheers,
Niks
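The contrast described in the reply above, as an added example that is not part of the original thread: a per-port sticky MAC binding next to a minimal 802.1X access-port configuration that can be applied identically on all five switches. The server name `ISE-1`, group name `DOT1X-SERVERS`, address `192.0.2.10`, the shared-secret placeholder and the interface ranges are assumptions, and exact syntax varies by platform and IOS release.

```cisco
! --- Port security with sticky MAC (binds a MAC to ONE port) ---------
! The first MAC seen is learned and saved for this port only.
! If PC1 later plugs into a port on SW3 that has learned another MAC,
! that port goes err-disabled (violation shutdown).
interface GigabitEthernet1/0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
!
! --- 802.1X (same config on SW1..SW5; no per-port MAC list) ----------
! The decision is made by the RADIUS server (ACS/ISE, backed by AD),
! so a domain-joined PC authenticates on whichever switch it uses,
! and a device without valid credentials is not authorized.
aaa new-model
!
radius server ISE-1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key <shared-secret-placeholder>
!
aaa group server radius DOT1X-SERVERS
 server name ISE-1
!
aaa authentication dot1x default group DOT1X-SERVERS
aaa authorization network default group DOT1X-SERVERS
!
! Enable 802.1X globally on the switch
dot1x system-auth-control
!
interface range GigabitEthernet1/0/1 - 24
 switchport mode access
 ! Port stays unauthorized until the attached host authenticates
 authentication port-control auto
 dot1x pae authenticator
 ! One authenticated host per access port
 authentication host-mode single-host
 spanning-tree portfast
```

On a switch, `show port-security interface` and `show authentication sessions` display the resulting state for the two approaches.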
10-13-2014 11:55 PM
Dear Niks,
First, I am overly grateful for your clear answer. Yeah, you got my meaning.
Assume I have 5 switches (SW1, SW2, SW3, SW4, and SW5), and client1's PC normally connects to SW1, but one day his computer is moved and connected to SW3, so if we configure port security, the port is shut down because of our restriction. The goal of what I am going to do is that all computers (100 computers) can plug into any switch without being shut down or restricted. And regarding your explanation, I need to research 802.1X in order to implement it, because I don't have experience with this.