Solved: Re: Port security

mohammedalrawiib · ‎04-27-2024

Dears

our CTO wants the whole company mac address to be added in a port security so that nobody outside the company can access our network, is there any alternative solution for adding all the mac addresses manually.

MHM Cisco World · ‎04-27-2024

the solution is MAB

adding MAC is not prevent other MAC from ADD
adding MAC in port security will force only these MAC to use specific port

solution is MAB if the MAC not found in radius the access is deny

MHM

View solution in original post

MHM Cisco World · ‎04-27-2024

the solution is MAB

adding MAC is not prevent other MAC from ADD
adding MAC in port security will force only these MAC to use specific port

solution is MAB if the MAC not found in radius the access is deny

MHM

MHM Cisco World · ‎04-27-2024

There command to disable MAC learn under vlan' but I never test before' I will try it in my lab abd update you.

Thanks

MHM

mohammedalrawiib · ‎04-27-2024

I would really appreciate it

waiting for your feedback

mohammedalrawiib · ‎05-09-2024

Thank you

Leo Laohoo · ‎04-27-2024

Randomize MAC address is going to wreck that plan.

Marvin Rhoads · ‎04-28-2024

Network access control (NAC) is the general term for such measures. Cisco's product that does this is Identity Services Engine (ISE).

Marius Gunnerud · ‎04-28-2024

Port-security is not a good solution for what you / your CTO wants to do, I would suggest looking into using ISE and 802.1x. A much better and scaleable solution.

--
Please remember to select a correct answer and rate helpful posts