November 19th, 2015 08:00

1548P Port Sec question

Hello, we have always been a Cisco shop but are giving Dell switching a try.  We are test driving a 1548P and one thing we can't figure out is how Dell portsec with mac sticky works on the Dells.  Maybe this isn't supported with the 1548?

98 Posts

November 20th, 2015 14:00

Josh, make sure you have the "switchport port-security" enabled at the global level.  Setting the configuration on the port alone will not work until it is set globally.

Thanks, Victor

274.2K Posts

November 19th, 2015 12:00

I don't believe that the switch offers a feature that is the same as the command switchport port-security mac-address sticky. The switch does offer the ability to set static MAC addresses.

# switchport port-security mac-address 0011.2233.4455 vlan 33

Static locking allows for a list of MAC addresses that are allowed on a port. Only packets with a known source MAC address can be forwarded. Any packets with source MAC addresses that are not configured are discarded.

Page 281 of the CLI guide goes into a little more detail.

http://dell.to/1RRObpp

November 19th, 2015 14:00

Okay thanks, I'd hate to have to enter all those MACs.  Do you know if the N2000 switch series has something like mac address sticky?  Or do none of the Dells have this functionality?

274.2K Posts

November 20th, 2015 05:00

None of the N-series offer the feature. Here are the switches that show to offer the feature.

S4048-ON, S3048-ON, S6000-ON, Z9500, S6000, S4820T, Z9000, S4810.

The command is:

# mac learning-limit mac-address-sticky

Page 1139 of the CLI guide

http://dell.to/1PEbeWw

Let me know if that feature will work for you.

98 Posts

November 20th, 2015 11:00

That is completely understandable, since the feature was not mentioned in the User Guide but only in the Release Notes.  It will be fully documented in the next set of guides, and is fully featured today.

Thanks, Victor

274.2K Posts

November 20th, 2015 11:00

Good call out Victor! I did not know about that.

Latest firmware:

http://dell.to/1Lr1asd

98 Posts

November 20th, 2015 11:00

The sticky mac feature is included in the 6.2.1.x and 6.2.6.x firmware and works very much like the Cisco version.  The settings are under port security settings. See the release notes for these codes.  The feature became available after the User Guide was printed, but will be fully documented in the next release.  

Victor

98 Posts

November 20th, 2015 11:00

Josh, here is an excerpt from the Release Notes that shows the added commands...

The following commands were added to support Sticky-MAC Port-Security feature:

Use this command to enable or configure port security (MAC locking) per interface.

Use the no form of the command to disable port security (MAC locking)

switchport port-security [mac-address { sticky | [ sticky ] mac-address vlan {vlan-id }}] | dynamic value | maximum value ]

no switchport port-security [mac-address { sticky | [sticky] mac-address vlan {vlan-id }}] | dynamic | maximum ]

mac-address – a static MAC address to be configured on the interface and VLAN.

vlan-id – the VLAN identifier on which to configure the MAC address

sticky – configure a sticky MAC address on the interface. If not given, a statically locked MAC address is configured on the interface.

dynamic – configure the maximum number of dynamic MAC addresses that may be learned on the interface.

maximum – configure the maximum number of static MAC addresses that may be configured on the interface.

-Victor

November 20th, 2015 11:00

Hello Victor,  Here is the running config on that port; however, it is still pinging out when we test with two different PCs with two different MACs.

    interface Gi1/0/1
    storm-control broadcast level 1
    storm-control broadcast action shutdown
    spanning-tree portfast
    switchport port-security
    switchport port-security dynamic 1
    switchport port-security mac-address sticky
    green-mode eee
    exit
    !

November 20th, 2015 14:00

Here is the new config that seems to work with the maximum set.

    interface Gi1/0/1
    storm-control broadcast level 1
    storm-control broadcast action shutdown
    spanning-tree portfast
    switchport port-security
    switchport port-security dynamic 1
    switchport port-security maximum 1
    switchport port-security mac-address sticky
    switchport port-security mac-address sticky 782B.CBF7.0DD4 vlan 1
    green-mode energy-detect
    green-mode eee
    exit
    !

98 Posts

November 20th, 2015 14:00

Josh, thanks for the update!  Glad it is working now.  It looks as though there are two port level commands that look similar.  I believe this is how they are working...

"switchport port-security maximum 1" limits the port to only accept a particular MAC address (can't ping any other devices that are plugged into that port), whereas  

“switchport port-security dynamic 1” allows the MAC to only be assigned to the one port (can't ping that same device if it is moved elsewhere in the switch).

-Victor
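
An added example, not part of the thread or of Dell's documentation: a small Python check that reads a saved running-config and flags sticky ports missing either of the two conditions reported above (port security enabled globally, and a `maximum` set on the port). The sample config is constructed, and the check assumes the global enable appears as a top-level `switchport port-security` line.

```python
# Constructed sample in the style of the running-config posted in the thread.
# Assumption: the global enable appears as a top-level line outside any interface.
SAMPLE_CONFIG = """\
switchport port-security
!
interface Gi1/0/1
switchport port-security
switchport port-security dynamic 1
switchport port-security mac-address sticky
exit
!
interface Gi1/0/2
switchport port-security
switchport port-security dynamic 1
switchport port-security maximum 1
switchport port-security mac-address sticky
exit
"""

def parse(config):
    """Split a running-config into global lines and per-interface line lists."""
    global_lines, interfaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split()[1], [])
        elif line == "exit":
            current = None          # back at global configuration level
        elif current is not None:
            current.append(line)
        else:
            global_lines.append(line)
    return global_lines, interfaces

def audit(config):
    """Return {interface: [findings]} for every port using sticky MAC locking."""
    global_lines, interfaces = parse(config)
    findings = {}
    for name, lines in interfaces.items():
        if "switchport port-security mac-address sticky" not in lines:
            continue                # only ports that rely on sticky MACs
        issues = []
        if "switchport port-security" not in global_lines:
            issues.append("port security not enabled globally")
        if not any(l.startswith("switchport port-security maximum ") for l in lines):
            issues.append("no 'maximum' limit set")
        findings[name] = issues
    return findings
```

An empty list for an interface means both conditions from the thread are met for that port.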
