Solved

Setting up Port Security on a Cisco 2950 switch

Posted on 2006-05-27
Last Modified: 2010-08-05
I'm setting up Port security on my main network switch that leads to the default gateway. I set up port security on one port with a computer close by to test the port security and was able to apply port-security on that port with that specific computer so I know that I set it up correctly.

I have a port that is connected to a hub that 4 computers are connected to, so I need to set up port security for that port that the hub connects to and configure all the computers that connect to that hub for port-security on the main switch. This is how I configured:

interface FastEthernet0/3
 description ***hub***
 switchport mode access
 switchport port-security
 switchport port-security maximum 5
 switchport port-security violation restrict
 switchport port-security mac-address 0080.4529.a511
 switchport port-security mac-address 0080.4529.ab7c
 switchport port-security mac-address 0080.452c.b23f
 switchport port-security mac-address 0080.452c.b270

When I do this none of the computers can access the network, can anyone tell me what I'm doing wrong? I don't save the config and I reboot the switch and all the computers can now access the network.

Thank you,
DSterling
 
Question by:dsterling
8 Comments
 
LVL 50

Expert Comment

by:Don Johnston
ID: 16775119
The config looks fine to me. I don't know why it would be acting that way.

Try this: Use the same config and leave off assigning the mac addresses. Let the switch use sticky learning to populate the address table. See if it behaves any differently.
0
 

Author Comment

by:dsterling
ID: 16775577
Do I have to apply a sticky learning statement? If so what would that be?

Thanks
DSterling
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 16776831
No. If it supports sticky learning, it's on by default. Once workstations start generating frames, you'll see the addresses show up in the table.
0
 

Author Comment

by:dsterling
ID: 16777781
So the commands would be?:
interface FastEthernet0/3
 description ***hub***
 switchport mode access
 switchport port-security
 switchport port-security maximum 5
 switchport port-security violation restrict
 switchport port-security mac-address
 switchport port-security mac-address
 switchport port-security mac-address
 switchport port-security mac-address

How would this add security and it seems that anyone could connect a computer and it would show connect?

Thank you,
DSterling
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 16779076
The commands would be:

 switchport mode access
 switchport port-security
 switchport port-security maximum 5
 switchport port-security violation restrict

With sticky learning (and this configuration), the first 5 addresses would be added as static entries to the address table.
0
 

Author Comment

by:dsterling
ID: 16787770
Don,

I used it and it worked, but it seems that this only allows for the maximum amount of any mac addresses, in that case then users could disconnect a computer and connect their personal computer, would that be the case?

Thanks,
DSterling
0
 
LVL 50

Accepted Solution

by:
Don Johnston earned 1000 total points
ID: 16788905
No. Addresses learned through sticky learning are added to the address table as static entries. They will stay in the table until removed or until port security is disabled.

The only catch to sticky learning is that you have to make sure the first 5 addresses seen by the switch on that port are the addresses you want to be allowed.
0
 

Author Comment

by:dsterling
ID: 16789486
Don,

Works great, Thanks
0
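An added example, not part of the original thread: a small Python audit that reads Cisco IOS interface configuration and reports, for each port with port security enabled, how many of its `maximum` slots are pinned to configured MAC addresses and how many are left to learning. It assumes standard IOS syntax, where the default maximum is 1 and sticky learning is enabled per interface with `switchport port-security mac-address sticky`; the Fa0/4 and Fa0/5 blocks in the sample are constructed.

```python
import re

# Constructed sample: Fa0/3 is the question's config, Fa0/4 the config from the
# accepted answer, Fa0/5 a hypothetical port with the IOS "sticky" keyword set.
SAMPLE = """\
interface FastEthernet0/3
 switchport port-security
 switchport port-security maximum 5
 switchport port-security violation restrict
 switchport port-security mac-address 0080.4529.a511
 switchport port-security mac-address 0080.4529.ab7c
 switchport port-security mac-address 0080.452c.b23f
 switchport port-security mac-address 0080.452c.b270
interface FastEthernet0/4
 switchport port-security
 switchport port-security maximum 5
 switchport port-security violation restrict
interface FastEthernet0/5
 switchport port-security
 switchport port-security maximum 5
 switchport port-security mac-address sticky
"""

MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"

def audit_port_security(config):
    """Return {interface: [findings]} for every port with port security on."""
    report = {}
    for block in re.split(r"(?m)^(?=interface )", config):
        lines = [l.strip() for l in block.splitlines()]
        if "switchport port-security" not in lines:
            continue  # port security is not enabled on this interface
        name = lines[0].split(None, 1)[1]
        cmds = [l[len("switchport port-security "):] for l in lines
                if l.startswith("switchport port-security ")]
        maximum = next((int(c.split()[1]) for c in cmds if c.startswith("maximum ")), 1)
        sticky = "mac-address sticky" in cmds
        pinned = [c for c in cmds if re.fullmatch(rf"mac-address (sticky )?{MAC}", c, re.I)]
        free = maximum - len(pinned)  # slots not tied to a configured MAC
        findings = []
        if free > 0 and not sticky:
            findings.append(f"{free} slot(s) filled by dynamic learning; "
                            "those entries are not saved in the config")
        elif free > 0:
            findings.append(f"{free} slot(s) open; the next MACs seen become sticky entries")
        elif free < 0:
            findings.append("more MACs configured than 'maximum' allows")
        report[name] = findings
    return report
```

Compare the result against `show port-security address` on the switch: entries that appear there but are not pinned in the saved configuration are relearned from whatever devices transmit first after a reload.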
