[c-nsp] port security / prevent learning mac address
Randy
randy_94108 at yahoo.com
Sat Jul 7 15:20:55 EDT 2012
--- On Sat, 7/7/12, Mike <mike-cisconsplist at tiedyenetworks.com> wrote:
> From: Mike <mike-cisconsplist at tiedyenetworks.com>
> Subject: [c-nsp] port security / prevent learning mac address
> To: "'Cisco-nsp'" <cisco-nsp at puck.nether.net>
> Date: Saturday, July 7, 2012, 10:46 AM
> Hello,
>
> Is there a cisco feature that will learn
> a mac address on a port, and then refuse to learn that mac
> address from any other source? I have a small number of some
> critical network devices that I'd like to make sure cannot
> have their mac addresses spoofed or usurped due to loops or
> other network causes. How would this work? I have a 3560
> with ipbase software.
>
> Mike-
Hi,
The simple answer is no.
You can look into the sticky-mac feature but that is per-port. You could technically accomplish what you want by enabling sticky-macs on every edge-port but not only does it not-scale, it becomes an administrative nightmare.
./Randy
More information about the cisco-nsp
mailing list