09-22-2014 07:17 AM - edited 03-07-2019 08:50 PM
Hi all,
Just a quick question.
Assume I have two PCs, pc1 & pc2, connected to switch A,
and switch A goes to switch B by trunk.
There is pc3 on switch B.
Topology as below:
pc1 ,pc2-----SWA--------SWB-----pc3
The question is:
If I want to allow only pc1 & pc2 devices to access pc3 by .
What is the maximum number of MAC addresses that should be put on SWA to restrict?
2 or 3?
I mean under the interface command:
switchport port-security maximum 2
or
switchport port-security maximum 3
And why?
Regards
09-22-2014 07:51 AM
Your question is incomplete, can you clarify what you are trying to achieve?
From what you are saying, you are looking at the wrong solution; 'port security' restricts an interface to the devices that are specified, or learned, in the case of 'sticky'.
However, you want to prevent a host connecting to another? If so, there are various approaches to this.
Martin
09-22-2014 08:00 AM
Hi,
Here is what I have:
switchport mode trunk
switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security violation restrict
As I understand it, I put the max as 2 for the two PCs.
I want to ask: if I telnet to the switch SWA itself from pc3, do I need to allow more than 2 MACs in this case?
09-22-2014 10:24 AM
With this config, no more than two PCs can be connected to SW-A, but if the requirement is to access PC3, then a MAC ACL can be applied on the access port of PC3 to allow the source MACs of pc1 and pc2. With this, more than two PCs can be connected to SW-A but only pc1 and pc2 can access pc3. If the requirement is to limit the number of devices on the SW-A access port to 2, then your config is correct (switchport port-security maximum 2).
Regards,
Akash
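The counting behaviour discussed above, as an added example that is not part of the original posts: a simplified Python model of one secured port with `maximum 2`, sticky learning and `violation restrict`. It assumes a single port on which both pc1 and pc2 are seen; the class, function names and MAC addresses are constructed for illustration.

```python
# Simplified model of port security on ONE switch port (added example).
# Only source MACs of frames arriving on the secured port are counted.
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    maximum: int = 1
    violation: str = "shutdown"   # "protect", "restrict" or "shutdown"
    secure_macs: list = field(default_factory=list)  # sticky-learned sources
    violations: int = 0
    err_disabled: bool = False

    def ingress(self, src_mac: str, dst_mac: str) -> bool:
        """Return True if a frame arriving ON this port is forwarded."""
        if self.err_disabled:
            return False
        if src_mac in self.secure_macs:
            return True
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.append(src_mac)  # sticky learning
            return True
        # Table full and source unknown: violation. dst_mac plays no part.
        if self.violation in ("restrict", "shutdown"):
            self.violations += 1              # protect drops without counting
        if self.violation == "shutdown":
            self.err_disabled = True
        return False

# Constructed sample MACs (documentation range), not from the thread.
PC1, PC2, PC3, EXTRA = ("0000.5e00.5301", "0000.5e00.5302",
                        "0000.5e00.5303", "0000.5e00.5304")

def run_scenario(violation: str = "restrict"):
    """Feed frames from pc1, pc2, an extra host, then pc1 again."""
    port = SecurePort(maximum=2, violation=violation)
    frames = [(PC1, PC3), (PC2, PC3), (EXTRA, PC3), (PC1, PC3)]
    results = [port.ingress(src, dst) for src, dst in frames]
    return results, port.secure_macs, port.violations

if __name__ == "__main__":
    for mode in ("protect", "restrict", "shutdown"):
        print(mode, run_scenario(mode))
```

pc3 never consumes an entry on this port because it only appears as a destination there; who may reach pc3 is a filtering decision made elsewhere.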
09-22-2014 05:23 PM
Ahmed,
Switch port-security Maximum 2 ==> Means that you can connect up to 2 machines only to this specific port. (It's connecting the PC to the port physically, & not an incoming connection from the outside world.)
Here is what you need to do:
Switch2:
==========
For restricting the access to the PC3 either from its own switch or external you need to use the Access-list to filter the allowed and blocked mac/ip to this specific machine on switch 2.
HTH
Regards
Inayath