Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Cisco: NSP

port security / prevent learning mac address

  

 
Cisco nsp RSS feed   Index | Next | Previous | View Threaded


mike-cisconsplist at tiedyenetworks

Jul 7, 2012, 10:46 AM

Post #1 of 3 (291 views)
Permalink
port security / prevent learning mac address
Hello,

Is there a cisco feature that will learn a mac address on a port, and
then refuse to learn that mac address from any other source? I have a
small number of some critical network devices that I'd like to make sure
cannot have their mac addresses spoofed or usurped due to loops or other
network causes. How would this work? I have a 3560 with ipbase software.

Mike-

_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


randy_94108 at yahoo

Jul 7, 2012, 12:20 PM

Post #2 of 3 (268 views)
Permalink
Re: port security / prevent learning mac address [In reply to]
--- On Sat, 7/7/12, Mike <mike-cisconsplist [at] tiedyenetworks> wrote:

> From: Mike <mike-cisconsplist [at] tiedyenetworks>
> Subject: [c-nsp] port security / prevent learning mac address
> To: "'Cisco-nsp'" <cisco-nsp [at] puck>
> Date: Saturday, July 7, 2012, 10:46 AM
> Hello,
>
>     Is there a cisco feature that will learn
> a mac address on a port, and then refuse to learn that mac
> address from any other source? I have a small number of some
> critical network devices that I'd like to make sure cannot
> have their mac addresses spoofed or usurped due to loops or
> other network causes. How would this work? I have a 3560
> with ipbase software.
>
> Mike-

Hi,
The simple answer is no.
You can look into the sticky-mac feature but that is per-port. You could technically accomplish what you want by enabling sticky-macs on every edge-port but not only does it not-scale, it becomes an administrative nightmare.
./Randy

_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


mack.mcbride at viawest

Jul 10, 2012, 9:59 AM

Post #3 of 3 (248 views)
Permalink
Re: port security / prevent learning mac address [In reply to]
The best method would be to isolate those devices on a single vlan and use port security for everything on that vlan.

Mack

-----Original Message-----
From: cisco-nsp-bounces [at] puck [mailto:cisco-nsp-bounces [at] puck] On Behalf Of Mike
Sent: Saturday, July 07, 2012 11:47 AM
To: 'Cisco-nsp'
Subject: [c-nsp] port security / prevent learning mac address

Hello,

Is there a cisco feature that will learn a mac address on a port, and then refuse to learn that mac address from any other source? I have a small number of some critical network devices that I'd like to make sure cannot have their mac addresses spoofed or usurped due to loops or other network causes. How would this work? I have a 3560 with ipbase software.

Mike-

_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Cisco nsp RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.