2 Replies Latest reply on Jun 30, 2015 1:23 PM by noor

    enabling port security and function

    jrhodes_iwerk New Member

      Hello,

       

      I am more familiar with Cisco on this but here goes.

       

      I have a location in which security needs to be handled properly. I need a way to get learned mac addresses in or limit the amount of mac addresses that a port can learn. There really only needs to be two macs per port but we are trying to limit the amount of information gathering on our team.

       

      Is there a way to configure this?

       

      We have a 2 1638s as well as 3 1544 (I believe).

       

      We will move to 802.1x authentication once we have a new server but this is only in the planning stage and need to implement some port security. Thank you!

        • Re: enabling port security and function
          cj! Beta_User

          Hi jrhodes_iwerk:

           

          Thank you for posting your question in the Support Community.  The guide Configuring Port Access Control in AOS is excellent and includes very good explanations of the options, with GUI and CLI examples.  Perhaps the following would match what you're trying to accomplish:

          Switch (config)#interface gigabit-switchport 0/1

          Switch (config-giga-swx 0/1)#switchport port-security

          Switch (config-giga-swx 0/1)#switchport port-security sticky

          This will remember the first learned MAC address until the next reboot.  Alternately, switchport port-security sticky-volatile will make the sticky MAC addresses persist across a reboot.

           

          To apply port security to a range of interfaces at once:

          Switch (config)#interface range gigabit-switchport 0/1-48

          Switch (config-giga-swx 0/1-48)#switchport port-security

          Switch (config-giga-swx 0/1-48)#switchport port-security sticky

           

          Best,

          Chris

          • Re: enabling port security and function
            Employee

            I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post to unmark it and select another in its place with the applicable buttons.  If you have any additional information on this that others may benefit from, please come back to this post to provide an update.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

             

            Thanks,

            Noor