Cisco 2950 Switch Port Security


I have a 2950 switch where I will have a retail Netgear switch attached to one of the ports.  The devices attached to the Netgear switch will change frequently as I will use it to work on clients' systems.

Because of the frequent system/MAC address changes, I cannot figure out how I can set up any sort of security on the 2950.

Please advise.

Thank you and have a great day,


You can set up port security with the MAC address as sticky and set the maximum number to the number of the Netgear's ports. You will have to regularly clean up the learned MAC addresses as it fills up.
GEMCC (Author) Commented:

Would I be able to set a time limit as to how long a MAC address is stored versus having to manually clean it up?

Thanks for your help,

You can still enable port security on that port (if some conditions are met). You need to set MAC aging, if the port can be configured as an access port, as long as there are fewer than 132 MAC addresses within the MAC aging time (0 - 1440 minutes) set for port security.

Router(config)# interface fastethernet 0/1
Router(config-if)# switchport mode access
Router(config-if)# switchport port-security maximum 64
Router(config-if)# switchport port-security mac-address sticky
Router(config-if)# switchport port-security aging time 20
Router(config-if)# switchport port-security aging type inactivity
Router(config-if)# switchport port-security violation protect
Router(config-if)# switchport port-security

Example: any MAC address will be removed from port security after 20 minutes of inactivity, with a maximum of 64 MAC addresses at one time on the port. When there are more than the maximum number of MAC addresses on the port, traffic from a new MAC address will be dropped. You can set absolute time instead of inactivity, but more on that at the link below.

More: 2950 port security


Port security aging is the option as stated by Predrag Jovic.

When any port goes into the ERRORDISABLE state, you might also set:

SW15(config)#errdisable recovery cause psecure-violation
SW15(config)#errdisable recovery interval 1800
If port-security violation protect or port-security violation restrict is set, there is no need for errdisable, since the port will not go into the error-disabled state. The port will be error-disabled only with port-security violation shutdown (it's the default). :)
•protect—When the number of port secure MAC addresses reaches the maximum limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses to drop below the maximum value.
•restrict—A port security violation restricts data and causes the SecurityViolation counter to increment and sends an SNMP trap.
•shutdown—The interface is error-disabled when a security violation occurs.
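
The following Python script is an added example, not part of any post in this thread: it parses the interface commands and errdisable lines quoted above and reports, per port, the effective port-security settings and whether errdisable recovery applies to it. The function name, the saved-config layout of the sample and the default values (maximum 1, violation shutdown, aging time 0, aging type absolute) are assumptions.

```python
import re

# Constructed sample: the commands quoted in the thread, laid out as a saved config.
SAMPLE_CONFIG = """\
errdisable recovery cause psecure-violation
errdisable recovery interval 1800
interface FastEthernet0/1
 switchport mode access
 switchport port-security maximum 64
 switchport port-security mac-address sticky
 switchport port-security aging time 20
 switchport port-security aging type inactivity
 switchport port-security violation protect
 switchport port-security
"""

# Assumed defaults that apply when a sub-command is absent from the config.
DEFAULTS = {"enabled": False, "maximum": 1, "violation": "shutdown",
            "aging_time": 0, "aging_type": "absolute"}

def audit_port_security(config):
    """Return {interface: (settings, notes)} for ports with port security enabled."""
    recovery = bool(re.search(r"^errdisable recovery cause psecure-violation\s*$", config, re.M))
    ports, cur = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            cur = ports.setdefault(line.split(None, 1)[1], dict(DEFAULTS))
        elif not line.startswith(" "):
            cur = None  # back at global configuration level
        elif cur is not None and line.strip().startswith("switchport port-security"):
            args = line.split()[2:]
            if not args:
                cur["enabled"] = True  # the bare command turns the feature on
            elif len(args) >= 2 and args[0] in ("maximum", "violation"):
                cur[args[0]] = args[1]
            elif len(args) == 3 and args[0] == "aging" and args[1] in ("time", "type"):
                cur["aging_" + args[1]] = args[2]
    report = {}
    for name, s in ports.items():
        if not s["enabled"]:
            continue
        s["maximum"], s["aging_time"] = int(s["maximum"]), int(s["aging_time"])
        checks = [
            (s["aging_time"] == 0, "no aging: learned MACs are not timed out"),
            (s["violation"] == "shutdown" and not recovery, "violation err-disables the port; no auto-recovery"),
            (s["violation"] != "shutdown" and recovery, "errdisable recovery does not apply: port never err-disables"),
            (s["violation"] == "protect", "protect drops silently: no counter or SNMP trap")]
        report[name] = (s, [msg for hit, msg in checks if hit])
    return report
```
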
GEMCC (Author) Commented:
Thanks to all of the quick responses!