Switchport Port-Security --- How to assign more than one mac address allow on a switch port?

cisjay · ‎04-20-2017

Hi guys

I thought I will reach out to you guys, I been doing some researching but still not finding what I was looking for. If you can help me out it will be create.

Thank you in advance.

I understand the all concept of a Portsecurity (aging, mac-address, maximum, violation)

I am looking for ways to assign more that two specific mac address into the specific switch-port - that way those mac addresses are only allowed on that port.

The closest way to do it that I tried is to use a mac-address sticky option - my question on this, since this mac addresses will be assign statically forever on this port, will this mac address can be connected to the network using other ports?, that will cause a mac address duplicate on that switch.

If you can tell me how to do that, command or links that will help.

Note: that I am using Cat 2960x and 4500

Collin Clark · ‎04-20-2017

Yes if you want it to or No if you don't!

Sticky with aging would allow that MAC to be learned on that port, but set a lifetime on it (basically clear the MAC address from the table). It would then re-learn and be OK. You could move the device to another port assuming that if you set the max number of MAC learned was more than what was learned. If you want a device to be able to be on say port gi1/0/1 and gi1/0/48, then you can apply the MAC (manually) to both interfaces. Depending on the rest of the config, another host may or may not be able to use that port.

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/25ew/configuration/guide/conf/port_sec.html

HTH