
Port security

Status
Not open for further replies.

frl

Technical User
Jul 28, 2003
102
US
Hi,
If I want to allow just a certain MAC address to access a certain port on the Cisco 2950E 24-port switch, is this the right way to do it:
1.) Go to config mode for the interface (port)
2.) switchport port-security mac-address 0000.0000.0000
(0000.0000.0000 being the authorized station.)

What will happen if some other PC with a different MAC address tries to access it?

And what is the difference between
switchport port-security mac-address sticky and
switchport port-security mac-address command?

Thanks in advance!
 
Hi

What happens depends on what you set it to do next:

Switch(config-if)# switchport port-security violation {shutdown|restrict|protect}

shutdown puts the port into the errdisable state. This must be manually re-enabled or restarted with errdisable recovery.

restrict leaves the port open, but discards all packets from the unauthorised MAC address. The switch logs the violating packets & can send an SNMP trap message if required.

protect does the same as restrict with no logging.

Cisco's information on the sticky option is at: although I struggle to follow its point

EB



These options may be IOS dependent also.
 
Also... To fix an err-disabled port, you need to remove the offending MAC address from that port using the "clear mac-address-table dynamic interface fastethernet0/1" command.
 
Thanks!

I set it up and it works. I disabled it from the err-disabled port by the shutdown and no shutdown commands on the interface.
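
The commands discussed in this thread, assembled into one interface configuration as an added example that is not part of any post above. It assumes port FastEthernet0/1 (the port named in the thread), keeps the thread's placeholder MAC address, and uses a constructed 300-second recovery interval; command availability depends on the IOS release.

```cisco
! Added example. Interface and MAC are the thread's placeholders;
! the 300-second interval is a constructed value.
interface FastEthernet0/1
 ! Port security applies to access ports, not dynamic ones.
 switchport mode access
 ! The feature is inactive until this bare command is entered;
 ! the mac-address and violation lines alone do not enable it.
 switchport port-security
 ! Allow a single secure address on the port.
 switchport port-security maximum 1
 ! Static entry: only this station is authorized.
 switchport port-security mac-address 0000.0000.0000
 ! Alternative to the static line above: learn the address
 ! dynamically and write it into the running configuration,
 ! so it survives a reload once the configuration is saved.
 ! switchport port-security mac-address sticky
 ! Drop frames from other addresses and log the violation,
 ! without putting the port into errdisable.
 switchport port-security violation restrict
!
! Only relevant with "violation shutdown": bring the port back
! automatically instead of a manual shutdown / no shutdown.
errdisable recovery cause psecure-violation
errdisable recovery interval 300
!
! Checks from privileged EXEC mode:
!   show port-security interface FastEthernet0/1
!   show port-security address
```

In the output of `show port-security interface`, the violation counter and the last source address show whether an unauthorized station has been plugged in.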

 