Question Regarding MAC security Feature BP-470 48T

Status
Not open for further replies.

plastiiq

IS-IT--Management
Dec 11, 2004
Hi all,

I'm not very experienced with these switches and these forums have always been very useful to me.

My question is:

Can I provide the switch a list of MAC addresses that are authorized to connect and pass traffic and drop everything else? I did some reading and it looked like I could do something like this however it seemed to be even more granular. By this I mean it seemed I was compelled to tell the switch which ports the MACs can talk to.

I was looking for some way to allow all authorized MACs to talk to all ports on this stack. Is this possible? Is there some document I may have missed that has this info?

Thanks very much in advance for your help!
 
Hi,

I have no experience with MAC security on these switches, but what I know is:

- MAC address security was always possible by auto learning or providing a list of MAC addresses. To me this does not seem maintenance friendly: you have to visit all switches again when there is a change in the allowed MAC table list.

- For some time now the same should be possible with EAPOL, where the switch can check a MAC address on a RADIUS server. This is easier to maintain due to a centralized db.

b.s.
WH
 
You CAN do that but it is kind of a pain.

When you enable MAC security it is by port, so if you enter MAC addresses manually you have to specify the port that it will be on.

So what you COULD do is manually enter each MAC on every port...so that would be X MAC address entries on each of the 48 ports.

Unless users are constantly moving around, not certain what benefit it would provide to do that however.
 
It is possible to set the switch in auto learning mode for some time and then stop this.
It is possible to allow one specific MAC address on a port or to allow a list of MAC addresses on a number of ports.
It is also possible to upload the MAC address list to the switch.
But all this is difficult to maintain in a moving environment.

With the latest switch SW it should be possible to authenticate against an allowed MAC address list on a RADIUS server.
 