3244 Views, 0 Helpful, 6 Replies

switch security port same mac

Hi

I want to apply port security to a switch while still allowing several machines to connect on different ports of the same switch.

To do this, I issued the command

# switchport port-security

# switchport port-security maximum 3

# switchport port-security mac-address sticky

# switchport port-security mac-address sticky X.X.X

# switchport port-security mac-address sticky Y.Y.Y

# switchport port-security mac-address sticky Z.Z.Z

When I do this on the first interface, I have no problems. Doing it on the second, I get a message saying that the MAC address is already in use. What I want is that in the same room, the computers (which are always the same) can switch places with each other.

6 Replies (3 marked as accepted solutions)

Gregory Snipes, Level 4

Port security does not allow for MAC addresses to be used on several different ports. Preventing MAC addresses from being present on more than a single port is port security's most basic function. If you wish for the devices to be able to move ports you must either disable port security altogether or remove sticky MAC and set the aging to inactivity.

Thanks for the reply

Anyway, I figured that would not be possible, but I do not find it useful.

If, for a training room, we deliver 20 laptops and we want only those computers (and not ones brought by users) to be connected, the "switchport port-security aging" command does not solve my problem.

It is the use of the sticky command that is the real issue. Sticky=can't move.

I will explain my problem to see if you have another idea.

I have 14 machines to connect in a building (not computers but food carts) that travel through the different floors of a hospital.

About 3 of them must be plugged into some ports on the same floor (same switch). All of them (14) can be connected to any of those ports (on any switch, on any floor).

I don't want to leave ports in the hallways without security, because anyone could use them to connect their own computer. Do you see another solution?

Regards

In that case I would say the best option is to go with an 802.1x solution. However, you would require a RADIUS server to get that going and I do not know if the computers on the food carts are capable.

If you have a wireless system (don't know if hospitals like these currently) you could try placing some type of wireless bridge device on the carts or fitting the devices with wireless NICs. Then they roam around freely.

I understand this is kind of a pain in the neck. I used to do a lot of work with the DOD and they faced similar challenges in trying to secure their ports. They finally started pushing 802.1x real hard because port security is just a bad tool for this kind of thing in our modern mobile world.
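The three configurations discussed in this thread side by side, as an added IOS example that is not part of the original posts (interface names, the 5-minute aging time, and the RADIUS server name, address and key are assumed placeholders, not values from the thread):

```cisco
! --- What the original poster configured (why the second port reports the MAC as already in use) ---
! A sticky or static secure MAC is bound to ONE port; the same address is rejected
! on a second port, so a cart can never move between ports.
interface GigabitEthernet1/0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 3
 switchport port-security mac-address sticky
!
! --- Option 1 from the replies: no sticky MAC, inactivity aging ---
! The first 3 hosts are learned dynamically and forgotten 5 minutes after they go
! quiet, so the same cart can reappear on another port. Trade-off the poster noted:
! this limits HOW MANY hosts a port accepts, not WHICH hosts.
interface GigabitEthernet1/0/2
 switchport mode access
 switchport port-security
 switchport port-security maximum 3
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 switchport port-security aging time 5
!
! --- Option 2 from the replies: 802.1X against a RADIUS server (IOS 15.x syntax) ---
! Each device authenticates, so a known cart is admitted on any port and an unknown
! laptop is not. Needs a RADIUS server and a supplicant on each cart.
aaa new-model
aaa authentication dot1x default group radius
radius server HOSPITAL-RADIUS
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key CHANGE-ME-shared-secret
dot1x system-auth-control
interface GigabitEthernet1/0/3
 switchport mode access
 authentication port-control auto
 dot1x pae authenticator
!
! --- Checks from privileged EXEC ---
! show port-security interface GigabitEthernet1/0/2      (aging type/time, violation count)
! show port-security address                             (which secure MACs sit on which port)
! show dot1x interface GigabitEthernet1/0/3 details
! show authentication sessions interface GigabitEthernet1/0/3
```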

I appreciate your effort.

At the moment, wireless networks are not allowed for this type of equipment in the health care system here. I'll find another solution or I'll get used to seeing the ports without security and accessible to anyone.

thank you very much
