randy_94108 at yahoo
Jul 7, 2012, 12:20 PM
Post #2 of 3
--- On Sat, 7/7/12, Mike <mike-cisconsplist [at] tiedyenetworks> wrote:
Re: port security / prevent learning mac address
[In reply to]
> From: Mike <mike-cisconsplist [at] tiedyenetworks>
> Subject: [c-nsp] port security / prevent learning mac address
> To: "'Cisco-nsp'" <cisco-nsp [at] puck>
> Date: Saturday, July 7, 2012, 10:46 AM
> Is there a cisco feature that will learn
> a mac address on a port, and then refuse to learn that mac
> address from any other source? I have a small number of some
> critical network devices that I'd like to make sure cannot
> have their mac addresses spoofed or usurped due to loops or
> other network causes. How would this work? I have a 3560
> with ipbase software.
The simple answer is no.
You can look into the sticky-mac feature but that is per-port. You could technically accomplish what you want by enabling sticky-macs on every edge-port but not only does it not-scale, it becomes an administrative nightmare.
cisco-nsp mailing list cisco-nsp [at] puck
archive at http://puck.nether.net/pipermail/cisco-nsp/