Thursday, January 27, 2011

Cisco Switch MAC based Port Security

To configure MAC-address-based port security on a Cisco switch, enter the following commands (these commands are valid for the 3750 series; on other models the commands may vary):

  conf t
  int GiX/x/x
  switchport mode access
  switchport port-security
  switchport port-security mac-address xxxx.xxxx.xxxx
  end
  wr

Port security can be used on a port in access mode, hence the "switchport mode access" line. To set the maximum number of MAC addresses that may connect to a specific interface, use (in config-if mode):

  switchport port-security maximum <number>

With the configuration above, only MAC address xxxx.xxxx.xxxx will be able to connect to the related port; otherwise the port will be shut down (the default violation action). If the port has been shut down, you will see its status as err-disabled:

  #show interfaces gigabitethernet 4/1/1 status
  Port   Name   Status         Vlan   Duplex   Speed   Type
  Gi4/1         err-disabled   100    full     1000    1000BaseSX

To re-enable the port (at the interface prompt):

  int G1/0/19
  no switchport port-security   (this command completely removes port security and may not be necessary)
  shut
  no shut

Manually re-enabling ports can be a nightmare for network administrators. You can configure automatic recovery with the commands below:

  (config)#errdisable recovery cause psecure-violation
  (config)#errdisable recovery interval ?
    <30-86400>  timer-interval(sec)
  (config)#errdisable recovery interval 300

With the configuration above you can assign only one MAC address per port. By using MAC access lists you can assign many MAC addresses to a port, for example:

  mac access-list extended PermitMacList
  permit host xxxx.xxxx.xxxx any
  int fa0/1
  mac access-group PermitMacList in
  int fa0/2
  mac access-group PermitMacList in
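As an added example (not from the original post), the following Python script builds the per-port configuration described above from a small constructed inventory, normalizing colon, dash or dotted MAC notations to Cisco's xxxx.xxxx.xxxx form and enforcing the 30-86400 second recovery range, and parses a constructed "show interfaces status" listing to report which ports are err-disabled. The interface names, MAC addresses and status output are made up for the example.

```python
import re

# Constructed sample inventory (made up for this example): interface -> allowed MACs,
# deliberately in mixed notations to exercise the normalizer.
PORT_MACS = {
    "GigabitEthernet1/0/19": ["00:11:22:33:44:55"],
    "GigabitEthernet1/0/20": ["0011.2233.4466", "00-11-22-33-44-77"],
}

def to_cisco_mac(mac: str) -> str:
    """Normalize colon, dash or dotted MAC notation to Cisco's xxxx.xxxx.xxxx form."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"invalid MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))

def port_security_config(port_macs: dict, recovery_interval: int = 300) -> str:
    """Emit IOS config pinning each access port to its allowed MAC(s), plus
    automatic err-disable recovery for port-security violations."""
    if not 30 <= recovery_interval <= 86400:   # range the switch accepts per the post
        raise ValueError("errdisable recovery interval must be 30-86400 seconds")
    lines = [
        "errdisable recovery cause psecure-violation",
        f"errdisable recovery interval {recovery_interval}",
    ]
    for intf, macs in port_macs.items():
        lines += [
            f"interface {intf}",
            " switchport mode access",
            " switchport port-security",
            # maximum must cover every static MAC, or the switch rejects the extras
            f" switchport port-security maximum {len(macs)}",
        ]
        lines += [f" switchport port-security mac-address {to_cisco_mac(m)}" for m in macs]
    return "\n".join(lines)

# Constructed sample of 'show interfaces status' output (not real switch output).
SHOW_STATUS = """\
Port      Name  Status        Vlan  Duplex  Speed   Type
Gi1/0/19        err-disabled  100   full    1000    10/100/1000BaseTX
Gi1/0/20        connected     100   a-full  a-1000  10/100/1000BaseTX
"""

def errdisabled_ports(show_status: str) -> list:
    """Return the interfaces whose Status column reads err-disabled, i.e. the
    ports a port-security violation has shut down and that need attention."""
    return [line.split()[0] for line in show_status.splitlines()[1:]
            if "err-disabled" in line.split()]
```

Running errdisabled_ports over the real "show interfaces status" output on a schedule gives a simple check that the automatic recovery timer is actually clearing violations rather than leaving ports down.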
