Cisco Port Security with Dynamic MAC Address Learning


In this lab I used a Cisco Catalyst WS-C3560G-24TS switch [IOS Version 12.2(40)SE]. Using Cisco Port Security, it is possible to associate a static MAC address with a physical port on a switch. This allows only the one host with that specific MAC address to connect physically to the specified port. The interface configuration commands you would use to accomplish this, and to shut down the port if the rule is violated, are:

- switchport port-security mac-address [host_mac_address]
- switchport port-security violation shutdown


However, if you are assigning static MACs to many ports, this quickly becomes tedious, and a dynamic approach is more appropriate. The more efficient way to accomplish the task is to apply the commands below to all the interfaces of interest using the “range” command option. This permanently associates the first MAC address learned on a port with that port. If another host attempts to connect to the port after the association is made, the port will be shut down. In the example below I demonstrate with GigabitEthernet ports 1 – 24.
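A configuration matching this description, given here as an added example and not the author's own listing. It assumes the ports are named GigabitEthernet0/1 through 0/24 and uses the IOS sticky learning option to bind the first learned address to each port.

```cisco
! Added example, not the author's original listing.
! Assumption: ports are named GigabitEthernet0/1 - 0/24 on this switch.
configure terminal
interface range GigabitEthernet0/1 - 24
! Port security is rejected on dynamic (DTP) ports, so force access mode.
 switchport mode access
! Enable the feature; the settings below are inert without this line.
 switchport port-security
! One secure address per port (the IOS default, stated explicitly).
 switchport port-security maximum 1
! Learn the first source MAC seen and write it into the running config.
 switchport port-security mac-address sticky
! Err-disable the port when a different MAC address appears on it.
 switchport port-security violation shutdown
end
! Sticky entries live in the running config; save them to survive a reload.
copy running-config startup-config
!
! Verify: per-port status, violation counters and the learned addresses.
show port-security
show port-security interface GigabitEthernet0/1
show port-security address
!
! To bring back a port that was shut down by a violation:
!  interface GigabitEthernet0/1
!   shutdown
!   no shutdown
```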


4 Responses to “Cisco Port Security with Dynamic MAC Address Learning”


  3. I am following your blog from the beginning, it was so distinct & I had a chance to collect conglomeration of information that helps me a lot to improvise myself.

  4. Well Said, you have furnished the right information that will be useful to anyone at all time. Thanks for sharing your Ideas.
