SWITCH PORT SECURITY: STICKY MAC


TOPICS

SCENARIO

CONFIGURATION

HOW TO VERIFY


SCENARIO

Below are the details,

  1. IP phones are connected at the switch port. We are facing problem that users are changing IP phones location at their own.

  2. We need to bind the IP phone mac or simply fix the position of IP phone on switch port.

  3. We can fix the maximum no. of devices which can be connected on a switch port.


CONFIGURATION

Switch(config)# interface fastethernet 1/1
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 2
Switch(config-if)# switchport port-security mac-address sticky

 

COMMENT

Here, at the switch port at maximum 2 devices can be connected.


 

HOW TO VERIFY

sw4#sh running-config int fa0/29
interface FastEthernet0/29
switchport access vlan 173
switchport trunk encapsulation dot1q
switchport trunk native vlan 173
switchport trunk allowed vlan 173,174
switchport mode trunk
switchport voice vlan 174
switchport port-security maximum 2
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address sticky 0017.65fd.d495 vlan 174
power inline consumption 6300
power inline auto max 7700
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
priority-queue out
mls qos trust cos
snmp trap mac-notification change added
snmp trap mac-notification change removed
auto qos voip trust
spanning-tree portfast

COMMENT

MAC ADDRESS, 0017.65fd.d495, is the mac address of the connected device. It is learnt by itself. It is not configured.

 

sw4#sh port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action

(Count)       (Count)          (Count)

Fa0/29              2            1                  0         Shutdown

Total Addresses in System (excluding one mac per port)     : 0
Max Addresses limit in System (excluding one mac per port) : 6144

COMMENT

If policy is voilated, switch port will get shut down. This is the action taken.

 


Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s