Port security

adamgibs7
Level 6

Dears

Apart from switchport port security, is there any way to ensure that PCs do not move from one port to another? I ask because I am using dot1x on the port, and switchport port security is not supported with dot1x; Cisco recommends that we should not use both features on one port.

 

Thanks

10 Replies

Kevin SAS
Level 1

Hi,

However, it should work. Have you already tried it?

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/50sg/configuration/guide/Wrapper-46SG/dot1x.pdf

page 16

I don't know of any other function like port-security.

Dear,

In IOS version 15.X, the port security and dot1x commands are not supported together on the port.

 

thanks

Does anybody know how I can achieve the port security sticky feature of the switch if I am using dot1x on the switch?

 

thanks

Depending on the IOS firmware version you are running and if you are using the IBNS 2.0 syntax, then you could use the access-session mac-move deny global command. More info here

 

Failing that you could limit the number of simultaneous user sessions, link

Thanks RJI,

You are the expert.

The link you provided is very helpful and I have rated it 5, but my switches are 3750E, and the maximum IOS that can be loaded is 12.2 (58).

From the ISE I can block the user's maximum sessions, but that will not stop the movement of the PC from one switch to another.

Hello,

 

I think your 3750E switches support c3750e-ipbasek9-mz.150-2.SE11.bin. Have you tried installing that version?

Dear

 

I am on the same IOS as mentioned.

 

thanks

Hello,

 

I think in the older 12.2 versions (link to the command reference below), 'no authentication mac-move permit' is the default. According to the command reference, "if MAC move is disabled, and an authenticated host moves to another port, it is not reauthenticated, and a violation error occurs."

 

So, you wouldn't even need port security...

 

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-2_55_se/commmand/reference/3750cr/cli1.html
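
Added example, not part of any post in this thread: a small Python audit of a saved running-config that reports the global MAC-move setting discussed above and lists the ports that carry both port security and dot1x. The sample config is constructed, and the interface-level lines it matches (`authentication port-control auto`, `dot1x pae authenticator`) are assumptions about how dot1x is enabled on the ports.

```python
import re

# Constructed sample running-config for illustration (not from the thread).
SAMPLE_CONFIG = """\
authentication mac-move permit
!
interface GigabitEthernet1/0/1
 switchport mode access
 authentication port-control auto
 dot1x pae authenticator
!
interface GigabitEthernet1/0/2
 switchport port-security
 switchport port-security mac-address sticky
 authentication port-control auto
!
interface GigabitEthernet1/0/3
 switchport port-security
!
"""

def audit(config):
    """Report the global MAC-move setting and per-port feature overlap."""
    mac_move = "default"   # no explicit global MAC-move command seen
    ports = {}             # interface name -> set of features found
    current = None
    for line in config.splitlines():
        text = line.strip()
        if line and not line[0].isspace():           # global-level line
            m = re.match(r"interface\s+(\S+)", text)
            current = m.group(1) if m else None
            if current:
                ports[current] = set()
            elif text == "authentication mac-move permit":
                mac_move = "permit"
            elif text in ("no authentication mac-move permit",
                          "access-session mac-move deny"):
                mac_move = "deny"
        elif current:                                 # interface sub-command
            if text.startswith("switchport port-security"):
                ports[current].add("port-security")
            elif text in ("authentication port-control auto",
                          "dot1x pae authenticator"):
                ports[current].add("dot1x")
    both = sorted(p for p, f in ports.items() if f == {"port-security", "dot1x"})
    dot1x_only = sorted(p for p, f in ports.items() if f == {"dot1x"})
    return {"mac_move": mac_move, "both": both, "dot1x_only": dot1x_only}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

A result of `"default"` means no explicit MAC-move command was found, so the effective behaviour is whatever the running IOS release defaults to.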

Dears

Thanks for the reply, it didn't work for me on 3750 switches.

Dear Experts

 

So I should conclude Cisco doesn't have any solution for dot1x and port security to work together?

 

thanks
