
Port-security

Status
Not open for further replies.

tklamb

IS-IT--Management
Mar 24, 2008
86
CA
Here is my dilemma... I have a total of 10 POS terminals that are temporarily used on weekends and any of them could be connected to any of 5 live data jacks in a public area. I want to secure these jacks with port-security, can anyone tell me the best way to do this? I thought I could enter the 10 MACs in each of the 5 ports and I would be golden, but it appears you cannot have the same MAC statically configured on more than 1 interface...

Any thoughts?

thanks
 
Of course... a MAC ACL, thanks all.
 
OK, so I did the MAC ACL... works good: permit the MACs of the POS terminals, deny everything else, applied it to the interfaces in. If I connect my laptop (which is not permitted) I manage to get an IP address (don't understand how), although I don't appear to have connectivity to anything.

Is this sufficient to deny access? I am kind of concerned that DHCP assigns an IP; even though there does not appear to be connectivity, I would prefer a potential 'intruder' didn't get any IP information.

thoughts?
 
What is assigning dhcp? Is the port set for spantree portfast?

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
 
Also, I assume you checked and it's not an APIPA...

 
can you post the config of your switch port that you have configured and the MAC acl?

------------------------------------
Dallas, Texas
Telecommunications Tech
CCVP, CCNA, Net+

CCNP in the works
 
Here's my config. Thanks.

interface GigabitEthernet1/0/1
 description 104D178L
 switchport access vlan 90
 switchport mode access
 switchport nonegotiate
 no logging event link-status
 mac access-group beer_bins in
 spanning-tree portfast
 spanning-tree bpduguard enable
end

Extended MAC access list beer_bins
    permit host 0014.5e14.0905 any
    permit host 000d.60d6.4710 any
    permit host 0014.5e0f.c327 any
    permit host 000d.60d6.417a any
    permit host 000d.60d6.47cb any
    permit host 000d.60d6.409f any
    permit host 0014.5e14.0aba any
    permit host 000d.60d6.4223 any
    permit host 000d.60d6.4423 any
    permit host 000d.60d6.41b9 any
    deny any any
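
Added example, not part of the original thread: with the same ACL repeated across 5 public jacks, a Python check over saved config text in the format posted above can confirm that every jack carries the inbound MAC ACL, that the ACL ends in an explicit deny, and that its permits match the POS inventory. `SAMPLE_CONFIG`, `PUBLIC_PORTS` and `APPROVED` are constructed for illustration, and the second interface and the `0000.0000.00aa` entry are not from the thread.

```python
import re

# Constructed sample in the format posted above: Gi1/0/2 lacks the access-group
# and the ACL carries one MAC that is not in the (hypothetical) POS inventory.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode access
 mac access-group beer_bins in
interface GigabitEthernet1/0/2
 switchport mode access
Extended MAC access list beer_bins
    permit host 0014.5e14.0905 any
    permit host 000d.60d6.4710 any
    permit host 0000.0000.00aa any
    deny any any
"""
PUBLIC_PORTS = ["GigabitEthernet1/0/1", "GigabitEthernet1/0/2"]
APPROVED = {"0014.5e14.0905", "000d.60d6.4710", "0014.5e0f.c327"}
ACL_HEADER = re.compile(r"(?:Extended MAC access list|mac access-list extended) (\S+)")

def parse(config):
    """Return ({interface: [sub-commands]}, {acl name: [lines]})."""
    ports, acls, current = {}, {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            current = ports.setdefault(m.group(1), [])
        elif m := ACL_HEADER.match(line):
            current = acls.setdefault(m.group(1), [])
        elif current is not None:
            current.append(line)
    return ports, acls

def audit(config, public_ports, approved):
    """Return findings per public jack; an empty list means consistent."""
    ports, acls = parse(config)
    findings = []
    for port in public_ports:
        applied = [m.group(1) for c in ports.get(port, [])
                   if (m := re.fullmatch(r"mac access-group (\S+) in", c))]
        if not applied or applied[0] not in acls:
            findings.append(f"{port}: no inbound MAC ACL applied")
            continue
        entries = [e.lower() for e in acls[applied[0]] if e.startswith(("permit", "deny"))]
        permitted = {mac for e in entries for mac in re.findall(r"^permit host (\S+) any$", e)}
        if not entries or entries[-1] != "deny any any":
            findings.append(f"{port}: {applied[0]} lacks a final 'deny any any'")
        findings += [f"{port}: unapproved MAC {a} permitted" for a in sorted(permitted - approved)]
        findings += [f"{port}: approved MAC {a} missing" for a in sorted(approved - permitted)]
    return findings
```

Calling `audit(SAMPLE_CONFIG, PUBLIC_PORTS, APPROVED)` reports the unapproved and missing MACs on the first jack and the missing access-group on the second.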
 
Disable spantree portfast, dhcp will time out.

Temporary solution...
