MAC Address Allow List 2


CADstillo

IS-IT--Management
Joined
Sep 23, 2004
Messages
3
Location
US
Hello:

I need to create a MAC address list for a company I contract for on their Cisco Catalyst 2950 switches.

I have never done this before. Can anyone give me some assistance?

I have very limited CISCO interface knowledge. I know how to connect to the switch and run a few commands other than that I am totally new to CISCO switches.

Thanks
 
Hi

Can you clarify something for me but is your question:

How do I get a list of all MAC addresses on the network?

or

How do I secure a switch to accept only certain MAC addresses to connect to it?
 
Thanks KiscoKid, actually both.

I know that all of the existing devices on the network are owned by the company:

1) If I can get information on how to retrieve a list of all MAC Addresses on the network.

and then

2) With that MAC Address list, how can I secure the switches to accept only those MAC addresses (one per port) so no foreign MAC address can connect to the network?

Thanks!
 
Hmm regarding your first point (retrieving list of mac addresses), I'd probably look to do this by combining two methods:

1. Run a tool called Angry IP Scanner. With this you can scan all your internal IP networks and ask Angry Scanner to report all IP's and corresponding MAC addresses.

You can get Angry IP Scanner here:
You can also use useful commands like 'show mac-address' on each of your LAN switches to see which MAC address is currently connected to which port.

2. To actually secure a particular MAC address to a switchport, all you need to do is the following:

! 2950 ports are numbered from 0/1; fa0/0 does not exist on this switch
Switch(config)#interface fa0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
! choose one violation action: restrict (drop + count) or shutdown (err-disable the port)
Switch(config-if)#switchport port-security violation [restrict | shutdown]
! replace [mac_address] with the MAC in Cisco H.H.H format, e.g. 0012.3456.789a (constructed example)
Switch(config-if)#switchport port-security mac-address [mac_address]

You can verify your changes with the 'show port-security address' command

3. Unfortunately the correct application of MAC address to switchport will either mean: You have up-to-date records that clearly document which IP/MAC addresses are already present on the network, who is using them and where they physically connect into the network.

If you don't have this kind of documentation, I'd advise creating that document as part of this exercise. This may involve visits to each device on each port and matching the MAC address seen on the port to the owner of that MAC address.

Hope this helps
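As an added example (not part of the thread above), the following script turns the 'show mac-address-table' output from step 1 into the per-port port-security configuration from step 2. It assumes the Catalyst 2950 table layout shown in the constructed sample (VLAN, MAC, type, port); the MAC addresses and port numbers are made up. Ports that currently show more than one MAC are set aside for manual review, since a one-MAC-per-port policy would err-disable them.

```python
import re
from collections import defaultdict

# Constructed sample of 'show mac-address-table dynamic' output from a
# Catalyst 2950 (assumed layout; MACs and port numbers are made up).
SAMPLE_MAC_TABLE = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0012.3456.789a    DYNAMIC     Fa0/1
   1    0012.3456.789b    DYNAMIC     Fa0/2
   1    0012.3456.789c    DYNAMIC     Fa0/3
   1    0012.3456.789d    DYNAMIC     Fa0/3
Total Mac Addresses for this criterion: 4
"""

# One table row: VLAN, MAC in Cisco H.H.H form, learning type, port name.
ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+DYNAMIC\s+(\S+)", re.I
)

def macs_by_port(table_text):
    """Map each port to the set of MAC addresses currently learned on it."""
    ports = defaultdict(set)
    for line in table_text.splitlines():
        m = ROW.match(line)
        if m:
            ports[m.group(3)].add(m.group(2).lower())
    return dict(ports)

def _natural(port):
    # Sort Fa0/2 before Fa0/10 instead of lexically.
    return [int(t) if t.isdigit() else t for t in re.split(r"(\d+)", port)]

def port_security_config(ports, violation="shutdown"):
    """Return (config_lines, review) where config_lines pins exactly one
    static secure MAC per port and review lists ports with several MACs
    (hub, IP phone + PC) that need a human decision before locking down."""
    config, review = [], {}
    for port in sorted(ports, key=_natural):
        macs = sorted(ports[port])
        if len(macs) != 1:
            review[port] = macs
            continue
        config += [f"interface {port}",
                   " switchport mode access",
                   " switchport port-security",
                   " switchport port-security maximum 1",
                   f" switchport port-security violation {violation}",
                   f" switchport port-security mac-address {macs[0]}"]
    return config, review
```

Paste the emitted lines into configuration mode on the switch and use 'show port-security address' to confirm each MAC is listed as SecureConfigured on the expected port.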
 
I will try this out after hours, yes I will make a MAC address database.
 
KiscoKid:

I have not done port security with the 2950. I think you can program it so that the first MAC that connects to it is the only MAC allowed. If a second MAC is connected to the port then it will create a shutdown of the port and generate a violation to your SNMP syslog or whatever you use to monitor the network. There is no need to enter the MAC on each port.
 