Solved

Cisco 2960 port security

Posted on 2014-01-14
Last Modified: 2014-01-14
Hello Experts,

I have an 8 port Cisco 2960 switch. I need to configure port security.

Port 1 to 6 will have only one device directly attached, so I can configure the MAC address to stick on these ports.

On port 7, there is another switch attached. This is a simple switch that is not manageable. This switch will have 6 more devices attached.

Can I still configure port security on port 7? Like configure some kind of MAC address pool of the devices that are allowed to connect. And when an unknown device is attached, the port will go in error disabled state?
Question by:SvenIA

Accepted Solution

by:
Miftaul earned 475 total points
ID: 39778687
Yes, you can, like below:
Switch(config)#int gigabitEthernet 0/12
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security maximum 6
Switch(config-if)#switchport port-security mac-address sticky


Assisted Solution

by:Cyclops3590
Cyclops3590 earned 25 total points
ID: 39780372
Only other thing I would look at possibly is changing the violation method. Default is shutdown. I would change it to restrict or protect. Shutdown actually shuts down the interface if more than the maximum MAC addresses are seen, killing connections for existing hosts. The other two will just disable new MACs from being learned. Restrict might be better as it increments the securityviolation counter. But if you don't mind the shutdown feature or you specifically want that, by all means leave it at default.

Author Comment

by:SvenIA
ID: 39781415
Ok guys thanks for the information. I got one other question.

What if the additional switch was a wireless access point attached to port 7? Will every wireless client count? Is it the same as wired, when it comes to port security?

Expert Comment

by:Miftaul
ID: 39781425
To a switchport, it only understands MAC addresses. No matter if the MAC is learned from a connected wired or a wireless device, it still counts.

So yes, it's the same regardless of wired or wireless.

Author Closing Comment

by:SvenIA
ID: 39781435
Thanks for the information! Most helpful.....
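
The behaviour discussed in the answers above, as an added example that is not part of the original thread: a simplified Python model (not IOS code) of a secure port with maximum 6 and sticky learning, showing what each violation mode does when a seventh source MAC appears behind the downstream switch or access point. The class, function and field names and the MAC addresses are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    """Toy model of one switchport with sticky port security (hypothetical names)."""
    maximum: int = 6
    violation: str = "shutdown"   # IOS default; alternatives: restrict, protect
    secure_macs: set = field(default_factory=set)
    violation_count: int = 0
    err_disabled: bool = False

    def frame_in(self, src_mac: str) -> bool:
        """Return True if a frame from src_mac is forwarded."""
        if self.err_disabled:
            return False                    # port is down for every host
        if src_mac in self.secure_macs:
            return True
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(src_mac)   # sticky learning, wired or wireless
            return True
        # Unknown source MAC while the table is full: security violation.
        if self.violation != "protect":
            self.violation_count += 1       # protect drops silently, no counter
        if self.violation == "shutdown":
            self.err_disabled = True        # takes the known hosts down too
        return False


def simulate(mode: str) -> dict:
    """Learn six MACs, then send a seventh, then retry a known host."""
    port = SecurePort(violation=mode)
    known = [f"0000.5e00.53{i:02x}" for i in range(6)]  # constructed MACs
    for mac in known:
        port.frame_in(mac)
    seventh_ok = port.frame_in("0000.5e00.53ff")
    known_ok = port.frame_in(known[0])
    return {"seventh_forwarded": seventh_ok, "known_forwarded": known_ok,
            "violations": port.violation_count, "err_disabled": port.err_disabled}


if __name__ == "__main__":
    for mode in ("shutdown", "restrict", "protect"):
        print(mode, simulate(mode))
```
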