 Cisco Port-Security
I would like to make port-security a little more flexible. For example, let's say I have 24 access ports. I would like to have a list of 24 MAC addresses that could access any one of those 24 ports at any time. So the interface port would look to see if the device trying to connect matched the list of allowed MAC addresses. Is it possible to do that?

Software/Hardware used:
Cisco 2960 switch
ASKED: July 1, 2010  1:38 PM
UPDATED: July 2, 2010  3:22 PM

Answer Wiki:
Yes, you can. By doing it this way, if, let's say, someone's MAC address is 00-00-00-00-00-00 (for example) and another person with a MAC address of 11-11-11-11-11-11 uses the port, the port will be disabled straight away...
Last Wiki Answer Submitted:  July 1, 2010  2:08 pm  by  jinteik   15,485 pts.
All Answer Wiki Contributors:  jinteik   15,485 pts.


Discuss This Question:
Why would you want any 24 roaming devices to connect to any of the ports? Switches are normally wired into the system and connections on their individual ports dedicated to a single device.

Cisco has an extended MAC list command for the switch, but I’m not sure if it will do what you want.

mac access-list extended name

allows predefined MACs to access specified protocols/traffic on the switch port.

As jinteik says, you can set switches up to allow only one specified MAC to use a defined port, but multiple access lists for the same switch port is not something I have come across before, or even wanted to do.

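An added example, not part of the original thread: a small generator that turns one shared allow-list of MAC addresses into a single named MAC ACL, using the `mac access-list extended` command mentioned in the discussion above, and binds it inbound to all 24 ports. The ACL name, the port range and the sample addresses are assumptions constructed for illustration. Cisco documents this command for the Catalyst 2960 as filtering non-IP traffic, so confirm what it actually blocks on the target switch before relying on it.

```python
import re

# Constructed sample allow-list, in the mixed notations inventories tend to use.
SAMPLE_MACS = ["00-1A-2B-3C-4D-5E", "00:1a:2b:3c:4d:5f", "001a.2b3c.4d60"]


def to_cisco_mac(mac: str) -> str:
    """Normalize a MAC address to Cisco dotted notation (xxxx.xxxx.xxxx)."""
    digits = re.sub(r"[-:.\s]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


def build_config(macs, acl_name="ALLOWED-HOSTS",
                 port_range="FastEthernet0/1 - 24"):
    """Return IOS config lines: one shared MAC ACL applied to every port.

    acl_name and port_range are hypothetical defaults; adjust to the switch.
    """
    hosts = []
    for mac in macs:
        norm = to_cisco_mac(mac)
        if norm not in hosts:          # same device written two ways
            hosts.append(norm)
    if not hosts:
        # An ACL with only the deny line would block every source address.
        raise ValueError("allow-list is empty")
    lines = [f"mac access-list extended {acl_name}"]
    lines += [f" permit host {h} any" for h in hosts]
    lines += [
        " deny any any",               # explicit form of the implicit deny
        "!",
        f"interface range {port_range}",
        f" mac access-group {acl_name} in",
    ]
    return lines


if __name__ == "__main__":
    print("\n".join(build_config(SAMPLE_MACS)))
```

Because the list lives in one ACL rather than in per-port settings, adding or removing a device is a single change that takes effect on every port in the range.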