N Series Switch Mac-Address Port-Security
Hello all,
We use N30's and N20's in our network, and have started using port-security to lock down machines to ports etc using the following port settings:
!
interface Gi1/0/1
description "---"
switchport port-security
switchport port-security dynamic 0
switchport port-security maximum 1
switchport port-security mac-address ####.####.#### vlan #
exit
!
Which is fine, although the question has been asked if it's feasible to set up mac addresses against a vlan interface instead of a switchport. At present with the above, once a mac is made static (rather than dynamic) the device will only work on that port, regardless of whether other ports are not running port-security settings.
The vlan-mac locking is not essential but would offer greater flexibility. Primarily this config will be on the N20's since these are edge switches and N30's are considered as core.
Cheers,
Anonymous
5 Practitioner
July 12th, 2017 12:00
Since you are already entering every MAC address, you might want to consider using a MAC-based ACL. This ACL could be configured to allow a list of MAC addresses, then deny everything else, and can be placed on the VLAN interface. The MAC ACL supports a limit of 1023 entries.
Another possibility could be MAC authentication bypass. This would need to have an authentication server set up; the server would have a list of the MAC addresses, and would use this list to authenticate clients based on the MAC address. You could also set up a secondary authentication method, which would allow for clients without a MAC entry to still be able to log in with credentials.
Page 677 & 279: http://dell.to/2sXVBBp
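
The move from per-port static entries to a per-VLAN MAC ACL suggested in the reply, as an added example that is not part of the original thread or of Dell's documentation: a Python script that collects the static port-security MACs from a configuration in the format shown in the question and emits an allow-list ACL for each VLAN, refusing to exceed the 1023-entry limit. The sample configuration and the ACL names are constructed, and the emitted `mac access-list` / `mac access-group` lines and the all-zero mask are assumed syntax to confirm against the guide linked in the reply.

```python
import re

MAX_ACL_ENTRIES = 1023  # limit stated in the reply

# Static entries in the format used by the port settings in the question.
STATIC_MAC = re.compile(
    r"switchport port-security mac-address\s+"
    r"((?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4})\s+vlan\s+(\d+)")

# Constructed sample configuration (MAC addresses and VLAN ids are made up).
SAMPLE = """\
interface Gi1/0/1
switchport port-security
switchport port-security maximum 1
switchport port-security mac-address 0011.2233.4455 vlan 10
exit
interface Gi1/0/2
switchport port-security mac-address 0011.2233.44AA vlan 10
exit
interface Gi1/0/3
switchport port-security mac-address 00aa.bbcc.ddee vlan 20
exit
"""

def macs_by_vlan(running_config):
    """Collect unique static port-security MACs per VLAN, in first-seen order."""
    found = {}
    for mac, vlan in STATIC_MAC.findall(running_config):
        entries = found.setdefault(int(vlan), [])
        if mac.lower() not in entries:
            entries.append(mac.lower())
    return found

def build_vlan_acl(vlan, macs, prefix="VLAN"):
    """Return CLI lines for an allow-list MAC ACL applied inbound on a VLAN."""
    # Counting the explicit deny as one rule is a conservative assumption.
    if len(macs) + 1 > MAX_ACL_ENTRIES:
        raise ValueError(f"VLAN {vlan}: {len(macs)} MACs exceed the ACL limit")
    name = f"{prefix}{vlan}-ALLOW"  # hypothetical naming scheme
    lines = [f"mac access-list extended {name}"]
    # Assumed syntax: mask 0000.0000.0000 taken to mean "match all bits".
    lines += [f"permit {m} 0000.0000.0000 any" for m in macs]
    lines += ["deny any any", "exit", f"interface vlan {vlan}",
              f"mac access-group {name} in", "exit"]
    return lines

if __name__ == "__main__":
    for vlan, macs in sorted(macs_by_vlan(SAMPLE).items()):
        print("\n".join(build_vlan_acl(vlan, macs)), end="\n!\n")
```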