Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Bind Mac to port
- Thread starter paul00
- Start date
Yes, eg. on 2950 or 3550 use:
Switch(config)# mac address-table static <MAC-ADDR> vlan <VLAN-ID> interface <TYPE-NUMBER>
MAC-ADDR - mac address of client connected to this port
VLAN-ID - Vlan number this port is member of (if you don't use VLANs, just give number 1)
TYPE-NUMBER - actual port on the switch, eg. fa0/2
Peter Mesjar
CCNP, A+ certified
pmesjar@centrum.sk
"The only true wisdom is in knowing you know nothing.
Switch(config)# mac address-table static <MAC-ADDR> vlan <VLAN-ID> interface <TYPE-NUMBER>
MAC-ADDR - mac address of client connected to this port
VLAN-ID - Vlan number this port is member of (if you don't use VLANs, just give number 1)
TYPE-NUMBER - actual port on the switch, eg. fa0/2
Peter Mesjar
CCNP, A+ certified
pmesjar@centrum.sk
"The only true wisdom is in knowing you know nothing.
computerhighguy
IS-IT--Management
Will this make it so that only that MAC address can use that port? How would I make is so that only secure MAC addresses can beused on a particular port on a 3550?
It is what it is!!
__________________________________
A+, Net+, I-Net+, Certified Web Master, MCP, MCSA, MCSE, CCNA, CCDA, and few others (I got bored one day)
It is what it is!!
__________________________________
A+, Net+, I-Net+, Certified Web Master, MCP, MCSA, MCSE, CCNA, CCDA, and few others (I got bored one day)
Configuring static mac address this way will not prevent that port from learning additional mac addresses dynamically. If you need to have just one MAC address using the port at any given time, use port security via:
Switch(config-if)# switchport port-security
In order for port security to work, enter the upper command without any additional keywords. Also you can check whether the port security is enabled using:
Switch# show port-security
Peter Mesjar
CCNP, A+ certified
pmesjar@centrum.sk
"The only true wisdom is in knowing you know nothing.
Switch(config-if)# switchport port-security
In order for port security to work, enter the upper command without any additional keywords. Also you can check whether the port security is enabled using:
Switch# show port-security
Peter Mesjar
CCNP, A+ certified
pmesjar@centrum.sk
"The only true wisdom is in knowing you know nothing.
kcbell
IS-IT--Management
- Dec 27, 2001
- 275
- 0
- 0
Paul00:
I am talking about 1900 switches here. If it is available for 1900 and it should available for 3550.
For "menu" interface you do the following:
1) "remove all addresses" for that port
2) enable "addressing security"
3) set "Address table size" to 1
4) enable port
The first computer connects to this port will register its mac to the port. If someone plug in another computer to this port, the port is locked even if the original computer is plugged into this port. The status LED will turn amber and status of the port will be "Diabled-violation"
Following is for "command line" interface:
interface Ethernet 0/1
port secure
port secure max-mac-count 1
spantree cost 3100
vlan-membership static 3
description "test port"
Hope this help!
I am talking about 1900 switches here. If it is available for 1900 and it should available for 3550.
For "menu" interface you do the following:
1) "remove all addresses" for that port
2) enable "addressing security"
3) set "Address table size" to 1
4) enable port
The first computer connects to this port will register its mac to the port. If someone plug in another computer to this port, the port is locked even if the original computer is plugged into this port. The status LED will turn amber and status of the port will be "Diabled-violation"
Following is for "command line" interface:
interface Ethernet 0/1
port secure
port secure max-mac-count 1
spantree cost 3100
vlan-membership static 3
description "test port"
Hope this help!
- Status
Similar threads
- Locked
- Question