eemoon
asked on
Cisco switch port security
Hi Cisco switch has one command "switchport port-security mac-addrss xxx.xxx.xxx vlan access". My question is what is difference between with vlan access and without vlan access? and it mentions " vlan set VLAN ID of the VLAN on which this address can be learned" is that meaning the mac address can be learn from this vlan anywhere? Thanks
Predrag Jovic
When you specify the vlan keyword, the mac-address is reletated only to that specified VLAN. If that MAC address would appear on the same port, but in different VLAN, port security would react with configured security action (restrict or shutdown). Options for vlans are - voice or access (data) If vlan access is configured for specific MAC address port-security would react with specified action if MAC address appears in voice VLAN.
ASKER
Thank you so much for your fast reply. The below is its configuration:
interface FastEthernet0/13
switchport access vlan 10
switchport mode access
switchport port-security
switchport port-security violation restrict
switchport port-security mac-address 001b.d41b.a4d8 vlan access
spanning-tree portfast
vlan is 10. How it come with on the same port, but in different VLAN?
interface FastEthernet0/13
switchport access vlan 10
switchport mode access
switchport port-security
switchport port-security violation restrict
switchport port-security mac-address 001b.d41b.a4d8 vlan access
spanning-tree portfast
vlan is 10. How it come with on the same port, but in different VLAN?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
for example there is voice connected to the port:
interface FastEthernet0/13
switchport access vlan 10
switchport mode access
switchport access vlan 20
switchport port-security
switchport port-security violation restrict
switchport port-security mac-address 001b.d41b.a4d8 vlan access
spanning-tree portfas
the mac address is for PC, do we need to add phone's mac to the configuration?
interface FastEthernet0/13
switchport access vlan 10
switchport mode access
switchport access vlan 20
switchport port-security
switchport port-security violation restrict
switchport port-security mac-address 001b.d41b.a4d8 vlan access
spanning-tree portfas
the mac address is for PC, do we need to add phone's mac to the configuration?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
switchport access vlan 20
switchport voice vlan 20
These two command under the one port usually are not in the same vlan.
switchport voice vlan 20
These two command under the one port usually are not in the same vlan.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.