Instead of configuring it

Mithun Sasi · ‎05-12-2015

Hi All,

i have one 48 port switch and i have applied port security in first 40 ports. these 40 ports are connected to user desks and other 8 ports are connected to meeting room. I have applied mac address sticky in those 40 ports. Now problem is users take their laptops and connect it to the meeting room ports if they have any meetings, and they wont get the IP address,as their mac address is binded to the desk ports.

So is there any solution for this issue? The users must get IP address when they connect to the meeting room ports without removing the port security from user desks.

Thanks

Karsten Iwen · ‎05-12-2015

Instead of configuring it sticky (and, why did you use sticky?) you can configure port-security with a timeout:

 switchport port-security maximum 3
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity

--
If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

Mithun Sasi · ‎05-12-2015

Thanks karsten for the reply.

Sticky needs to applied.. becoz if a user is on leave for a day, the mac address learned in that port will get expired, right. so at that time an outsider can connect to that port and access the network

Karsten Iwen · ‎05-12-2015

With these needs, you should implement 802.1x and not port-security.

--
If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

Port Security