dsterling
asked on
Setting up Port Security on a Cisco 2950 switch
I'm setting up Port security on my main network switch that leads to the default gateway. I set up port security on one port with a computer close by to test the port security and was able to apply port-security on that port with that specific computer so I know that I set it up correctly.
I have a port that is connected to a hub that 4 computers are connected to, so I need to set up port security for that port that the hub connects to and configure all the computers that connect to that hub for port-security on the main switch. This is how I configured:
interface FastEthernet0/3
description ***hub***
switchport mode access
switchport port-security
switchport port-security maximum 5
switchport port-security violation restrict
switchport port-security mac-address 0080.4529.a511
switchport port-security mac-address 0080.4529.ab7c
switchport port-security mac-address 0080.452c.b23f
switchport port-security mac-address 0080.452c.b270
When I do this none of the computers can access the network, can anyone tell me what I'm doing wrong? I don't save the config and I reboot the switch and all the computers can now access the network.
Thank you,
DSterling
ASKER
Do I have to apply a sticky learning statement? If so what would that be?
Thanks
DSterling
No. If it supports sticky learning, it's on by default. Once workstations start generating frames, you'll see the addresses show up in the table.
ASKER
So the commands would be?
interface FastEthernet0/3
description ***hub***
switchport mode access
switchport port-security
switchport port-security maximum 5
switchport port-security violation restrict
switchport port-security mac-address
switchport port-security mac-address
switchport port-security mac-address
switchport port-security mac-address
How would this add security? It seems that anyone could connect a computer and it would show connected?
Thank you,
DSterling
The commands would be:
switchport mode access
switchport port-security
switchport port-security maximum 5
switchport port-security violation restrict
With sticky learning (and this configuration), the first 5 addresses would be added as static entries to the address table.
ASKER
Don,
I used it and it worked, but it seems that this only allows for the maximum amount of any MAC addresses. In that case users could disconnect a computer and connect their personal computer, would that be the case?
Thanks,
DSterling
ASKER
Don,
Works great, Thanks
Try this: Use the same config and leave off assigning the mac addresses. Let the switch use sticky learning to populate the address table. See if it behaves any differently.
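An added example, not code from the thread: a small Python audit of the interface stanza posted in the question, aimed at the follow-up concern about someone plugging in a different computer. It counts how many of the `maximum` slots are pinned to explicit MAC addresses; the function name and report fields are illustrative, and the fallback values (maximum 1, violation shutdown) are the IOS defaults assumed when those lines are absent.

```python
import re

# Constructed sample: the interface stanza from the question, indented as in a running-config.
SAMPLE_CONFIG = """\
interface FastEthernet0/3
 description ***hub***
 switchport mode access
 switchport port-security
 switchport port-security maximum 5
 switchport port-security violation restrict
 switchport port-security mac-address 0080.4529.a511
 switchport port-security mac-address 0080.4529.ab7c
 switchport port-security mac-address 0080.452c.b23f
 switchport port-security mac-address 0080.452c.b270
"""

PREFIX = "switchport port-security"
MAC_RE = re.compile(PREFIX + r" mac-address (?:sticky )?((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})$", re.I)

def audit_port_security(config):
    """Return {interface: findings} for each interface stanza in an IOS config."""
    report, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = report.setdefault(line.split(None, 1)[1], {
                "enabled": False, "sticky": False, "maximum": 1,
                "violation": "shutdown", "pinned": []})
        elif line == "!":                      # "!" closes a stanza in a running-config
            current = None
        elif current is None:
            continue
        elif line == PREFIX:
            current["enabled"] = True
        elif line == PREFIX + " mac-address sticky":
            current["sticky"] = True
        elif m := re.match(PREFIX + r" maximum (\d+)$", line):
            current["maximum"] = int(m.group(1))
        elif m := re.match(PREFIX + r" violation (\w+)$", line):
            current["violation"] = m.group(1)
        elif m := MAC_RE.match(line):
            current["pinned"].append(m.group(1).lower())
    for info in report.values():
        # Slots not pinned to a MAC are taken by whichever device sends frames first.
        free = max(info["maximum"] - len(info["pinned"]), 0)
        info["open_slots"] = free if info["enabled"] else None
    return report

if __name__ == "__main__":
    print(audit_port_security(SAMPLE_CONFIG))
```

For the posted stanza this reports one open slot: four pinned addresses against a maximum of 5, so a fifth, unlisted device is still accepted on that port.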