Port-security mac address on 2950

Discussion in 'Cisco' started by Dak991, Nov 8, 2004.

  1. Dak991

    Dak991 Guest

    When I try to assign a MAC address to a port using SWITCHPORT
    PORT-SECURITY MAC xxxx.xxxx.xxxx, the message replies...

    FastEthernet0/9 is dynamic port. port-security parameters cannot be
    set.

    How can I force it to take the MAC address? I would like to lock down
    this port to a specific client device and shutdown if any other nic
    mac address is identified.

    Thanks in advance,
    JJMM
     
    Dak991, Nov 8, 2004
    #1
    1. Advertising

  2. Dak991

    Ivan Ostreš Guest

    In article <>,
    says...
    > When I try to assign a MAC address to a port using SWITCHPORT
    > PORT-SECURITY MAC xxxx.xxxx.xxxx, the message replies...
    >
    > FastEthernet0/9 is dynamic port. port-security parameters cannot be
    > set.
    >
    > How can I force it to take the MAC address? I would like to lock down
    > this port to a specific client device and shutdown if any other nic
    > mac address is identified.
    >


    I assume that this is happening because you do not have explicit
    "switchport mode access" on the port since it could be a problem to
    enable port security on a trunk (or port that can become trunk).


    --
    -Ivan.

    *** Use Rot13 to see my eMail address ***
     
    Ivan Ostreš, Nov 8, 2004
    #2
    1. Advertising

  3. Dak991

    Dak991 Guest

    I do not understand your reply. Can you please explain?

    JJMM




    Ivan Ostre? <> wrote in message news:<>...
    > In article <>,
    > says...
    > > When I try to assign a MAC address to a port using SWITCHPORT
    > > PORT-SECURITY MAC xxxx.xxxx.xxxx, the message replies...
    > >
    > > FastEthernet0/9 is dynamic port. port-security parameters cannot be
    > > set.
    > >
    > > How can I force it to take the MAC address? I would like to lock down
    > > this port to a specific client device and shutdown if any other nic
    > > mac address is identified.
    > >

    >
    > I assume that this is happening because you do not have explicit
    > "switchport mode access" on the port since it could be a problem to
    > enable port security on a trunk (or port that can become trunk).
     
    Dak991, Nov 9, 2004
    #3
  4. JJMM,
    Is FastEthernet0/9 a trunk link or just a regular access link
    (i.e. one client attached to it)?. Port-security parameters can not be
    set on a trunk link or a link setup as dynamic, meaning they can
    negotiate with a trunk link and become a trunk link. So Ivan was
    suggesting you configure FastEthernet0/9 with the command "switchport
    mode access" to take the port out of dynamic mode and make it just an
    access port. If FastEthernet0/9 is indeed a trunk link or maybe become
    one then port-security is not an option.

    Hope this clarifies things...
    Good Luck

    -Robert

    On 9 Nov 2004 03:29:55 -0800, (Dak991) wrote:

    >I do not understand your reply. Can you please explain?
    >
    >JJMM
    >
    >
    >
    >
    >Ivan Ostre? <> wrote in message news:<>...
    >> In article <>,
    >> says...
    >> > When I try to assign a MAC address to a port using SWITCHPORT
    >> > PORT-SECURITY MAC xxxx.xxxx.xxxx, the message replies...
    >> >
    >> > FastEthernet0/9 is dynamic port. port-security parameters cannot be
    >> > set.
    >> >
    >> > How can I force it to take the MAC address? I would like to lock down
    >> > this port to a specific client device and shutdown if any other nic
    >> > mac address is identified.
    >> >

    >>
    >> I assume that this is happening because you do not have explicit
    >> "switchport mode access" on the port since it could be a problem to
    >> enable port security on a trunk (or port that can become trunk).
     
    Robert B. Phillips, II, Nov 9, 2004
    #4
  5. Dak991

    Ivan Ostreš Guest

    In article <>, phir0002
    @bellsouth.net says...
    > JJMM,
    > Is FastEthernet0/9 a trunk link or just a regular access link
    > (i.e. one client attached to it)?. Port-security parameters can not be
    > set on a trunk link or a link setup as dynamic, meaning they can
    > negotiate with a trunk link and become a trunk link. So Ivan was
    > suggesting you configure FastEthernet0/9 with the command "switchport
    > mode access" to take the port out of dynamic mode and make it just an
    > access port. If FastEthernet0/9 is indeed a trunk link or maybe become
    > one then port-security is not an option.
    >
    >


    Nice explanation :). Thanks

    --
    -Ivan.

    *** Use Rot13 to see my eMail address ***
     
    Ivan Ostreš, Nov 9, 2004
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Manfred Steinbacher

    Port Security on mac-address(es)

    Manfred Steinbacher, Mar 4, 2004, in forum: Cisco
    Replies:
    1
    Views:
    1,379
    Terry Baranski
    Mar 5, 2004
  2. Michael

    Port Security with mac address

    Michael, May 14, 2004, in forum: Cisco
    Replies:
    2
    Views:
    1,137
    Peter
    May 14, 2004
  3. AM
    Replies:
    3
    Views:
    14,885
    Jonathan
    Jul 1, 2005
  4. Replies:
    6
    Views:
    6,229
  5. ttripp
    Replies:
    5
    Views:
    2,301
    Thrill5
    Feb 5, 2010
Loading...

Share This Page