Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Cisco 2960 port security

Posted on 2014-01-14
5
Medium Priority
?
576 Views
Last Modified: 2014-01-14
Hello Experts,

I have an 8 port Cisco 2960 switch. I need to configure port security.

Port 1 to 6 will have only one device directly attached, so i can configure the MAC address to stick on these ports.

On port 7, there is another switch attached. This is a simple switch that is not managable. This switch will have 6 more devices attached.

Can i still configure port security on port 7? Like configure some kind of MAC address pool of the devices that are allowed to connect. And when an unknown device is attached, the port will go in error disabled state?
0
Comment
Question by:SvenIA
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 11

Accepted Solution

by:
Miftaul earned 1900 total points
ID: 39778687
Yes, you can like below
Switch(config)#int gigabitEthernet 0/12
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security maximum 6
Switch(config-if)#switchport port-security mac-address Sticky

Open in new window

0
 
LVL 25

Assisted Solution

by:Cyclops3590
Cyclops3590 earned 100 total points
ID: 39780372
Only other thing I would look at possibly is changing the violation method.  default is shutdown.  I would change it to restrict or protect.  shutdown actually shuts down the interface if more than the maximum mac addresses are seen killing connections for existing hosts.  The other two will just disable new macs from being learned.  restrict might be better as it increments the securityviolation counter.  but if you don't mind the shutdown feature or you specifically want that, by all means leave it at default.
0
 
LVL 7

Author Comment

by:SvenIA
ID: 39781415
Ok guys thanks for the information. I got one other question.

What if the additional switch was a wireless accesspoint attached to port 7? Will every wireless client count? Is it the same as wired, when it comes to port security?
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39781425
To a switchport, it only understands MAC address. No matter if the mac is learned from connected wired or a wireless device, it still counts.

So yes, its the same regardless of wired or wireless.
0
 
LVL 7

Author Closing Comment

by:SvenIA
ID: 39781435
Thanks for the information! Most helpfull.....
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This tutorial will go through the steps required to write a script that will back up the configuration settings of a HP-ProCurve switch. You will need to get the following things to follow this tutorial: Telnet Scripting Tool e.g. TST10.exe …
I eventually solved a perplexing problem setting up telnet for a new switch.  I installed a new Cisco WS-03560X-24P switch connected to an existing Cisco 4506 running a WS-X4013-10GE Sup II-Plus. After configuring vlans and trunking,  I could no…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question