rlt3


Port Security on SFP fiber port

I am trying to set up a network with port security for the Cisco 2960 switch that connects to another 2960 switch via the SFP fiber port (WAN backbone). I have successfully configured it for the Ethernet interfaces with only one device, but I am having problems on the fiber port. I am using the port security feature that only allows 1 MAC to be recognized and, if any other MAC is seen, shuts down that port. If someone could please tell me if it is possible to set this up on the fiber port. Also, I was wondering: if someone disconnects the fiber from the SFP port, can they gain access using the Ethernet port (i.e. gig0/24 has both an Ethernet and a fiber port)? Thanks in advance.
td_miles

There are a few limitations. The ones that I can find are:

Follow these guidelines when configuring port security:

• A secure port cannot be a trunk port.
• A secure port cannot be a destination port for Switch Port Analyzer (SPAN).
• A secure port cannot belong to an EtherChannel port-channel interface.
• A secure port cannot be an 802.1X port. If you try to enable 802.1X on a secure port, an error message appears, and 802.1X is not enabled. If you try to change an 802.1X-enabled port to a secure port, an error message appears, and the security settings are not changed.

which come from:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/12_1e/swconfig/port_sec.htm
rlt3

ASKER


So for the 2960G, there are 4 dual ports (gigeth & SFP). The current setup is using fiber (SFP), but I am concerned that if someone disconnects the fiber port and tries to plug their laptop into the unused Ethernet port.

Here are some clips I got out of the Catalyst 2960 Switch Software Configuration Guide:

Port Security Configuration Guidelines
Follow these guidelines when configuring port security:
• Port security can only be configured on static access ports or trunk ports. A secure port cannot be a dynamic access port.

Table 21-3 Port Security Compatibility with Other Switch Features

Type of Port or Feature on Port | Compatible with Port Security
DTP [1] port [2] | No
Trunk port | Yes
Dynamic-access port [3] | No

1. DTP = Dynamic Trunking Protocol
2. A port configured with the switchport mode dynamic interface configuration command.
3. A VLAN Query Protocol (VQP) port configured with the switchport access vlan dynamic interface configuration command.
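
The three rows of Table 21-3 quoted above can be turned into a pre-change check that lists which interfaces in a saved running-config are eligible for port security. This is an added example, not part of the original thread or Cisco's tooling; the sample config is constructed, the function names are hypothetical, and it assumes an interface with no `switchport mode` line is at the 2960 default of dynamic auto.

```python
import re

# Constructed sample of a Catalyst 2960 running-config (not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
!
interface GigabitEthernet0/2
 switchport mode dynamic desirable
!
interface GigabitEthernet0/3
 switchport access vlan dynamic
 switchport mode access
!
interface GigabitEthernet0/23
!
interface GigabitEthernet0/24
 switchport mode trunk
"""

def parse_interfaces(config):
    """Map each interface name to the list of its sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces

def port_security_eligibility(commands):
    """Return (eligible, reason) following the quoted rows of Table 21-3."""
    if "switchport access vlan dynamic" in commands:
        return False, "dynamic-access (VQP) port"
    prefix = "switchport mode "
    # Assumption: no explicit mode line means the default, dynamic auto.
    mode = next((c[len(prefix):] for c in commands if c.startswith(prefix)), "dynamic auto")
    if mode.startswith("dynamic"):
        return False, "DTP port (switchport mode %s)" % mode
    if mode in ("access", "trunk"):
        return True, "static access port" if mode == "access" else "trunk port"
    return False, "unrecognised mode: %s" % mode

def audit(config):
    return {name: port_security_eligibility(cmds) for name, cmds in parse_interfaces(config).items()}
```
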
ASKER CERTIFIED SOLUTION
td_miles
