
Port security, multiple MACS on multiple ports

rcommchas
Aspirant

I have a switch that is in a relatively public place that 5 users must access. Using port security, I would like to configure 5 ports that any of the 5 users can access, but with a static (not learned) table. In other words, I want to enter the same 5 MAC addresses on 5 ports. However, when I try to enter the MACs on the second port, the attempt fails with a line of "Couldn't add MAC address" on the command line. I get a similar message with the GUI, but I can't remember the exact wording. The result is it fails. Should I be able to do this, and where am I going wrong, if so?

Model: M5300-52G (GSM7252S)|ProSAFE 48-port Gigabit L2+ Managed Stackable Switch
Message 1 of 4
Hopchen
Prodigy

Re: Port security, multiple MACS on multiple ports

Hi @rcommchas

I just tested in the lab and I get the same error. I will investigate and raise to the appropriate team, internally. This is not the correct behaviour!

In the meantime, you can make an ACL to accomplish the same thing. Below is how you do it, from the CLI.
- Replace the MAC addresses with the real MAC addresses that you want to allow, of course 🙂
- I have bound the ACL on 5 ports here, port 1-5. You need to adjust to whatever ports you use.
- What this ACL will do is block all traffic on those ports, unless the traffic comes from a MAC address in the list.
- You must use the MAC mask of 00:00:00:00:00:00 for each entry. It means only this MAC address.


(M5300-52G) >enable
(M5300-52G) #configure
(M5300-52G) (Config)#mac access-list extended mac-acl
(M5300-52G) (Config-mac-access-list)#permit AA:AA:AA:AA:AA:AA 00:00:00:00:00:00 any
(M5300-52G) (Config-mac-access-list)#permit BB:BB:BB:BB:BB:BB 00:00:00:00:00:00 any
(M5300-52G) (Config-mac-access-list)#permit CC:CC:CC:CC:CC:CC 00:00:00:00:00:00 any
(M5300-52G) (Config-mac-access-list)#permit EE:EE:EE:EE:EE:EE 00:00:00:00:00:00 any
(M5300-52G) (Config-mac-access-list)#permit EF:EF:EF:EF:EF:EF 00:00:00:00:00:00 any
(M5300-52G) (Config-mac-access-list)#exit
(M5300-52G) (Config)#interface 1/0/1-1/0/5
(M5300-52G) (Interface 1/0/1-1/0/5)#mac access-group mac-acl in 1
(M5300-52G) (Interface 1/0/1-1/0/5)#end

 


Cheers

Message 2 of 4
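
As an added example (not part of the original posts and not NETGEAR tooling), this Python sketch builds the command sequence from the reply above out of an allowlist, so the same five entries can be validated once and bound to every port. The helper names `norm_mac`, `render_acl` and `permits` and the sample addresses are assumptions made for illustration; `permits` only models the behaviour the reply describes (exact-match permits, everything else blocked).

```python
import re

EXACT = "00:00:00:00:00:00"  # mask from the reply: only this exact MAC matches

def norm_mac(text):
    """Accept aa-bb-.., aabb.ccdd.eeff or aa:bb:.. and return AA:BB:CC:DD:EE:FF."""
    digits = re.sub(r"[-:.]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    if int(digits[:2], 16) & 1:
        # Group (multicast/broadcast) bit set: never a real station's source MAC.
        raise ValueError(f"group address cannot be a source MAC: {text!r}")
    digits = digits.upper()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def render_acl(macs, ports, name="mac-acl", seq=1):
    """Return the privileged-mode commands from the reply for this allowlist."""
    allowed = list(dict.fromkeys(norm_mac(m) for m in macs))  # dedupe, keep order
    if not allowed:
        raise ValueError("empty allowlist would block every frame on the ports")
    lines = ["configure", f"mac access-list extended {name}"]
    lines += [f"permit {mac} {EXACT} any" for mac in allowed]
    lines += ["exit", f"interface {ports}",
              f"mac access-group {name} in {seq}", "end"]
    return lines

def permits(acl_lines, src_mac):
    """Model of the described behaviour: a frame passes only on an exact permit."""
    src = norm_mac(src_mac)
    return any(l.split()[:3] == ["permit", src, EXACT] for l in acl_lines)

if __name__ == "__main__":
    # Constructed sample allowlist in mixed notations; not real devices.
    sample = ["00-11-22-33-44-55", "0011.2233.4466", "00:11:22:33:44:55"]
    print("\n".join(render_acl(sample, "1/0/1-1/0/5")))
```

Review the printed commands before pasting them into the switch session; the duplicate in the sample list collapses to a single permit line.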
rcommchas
Aspirant

Re: Port security, multiple MACS on multiple ports

Thank you for the information, and elevation of the issue. The MAC ACL is the approach we have taken for the time being.

Message 3 of 4
Hopchen
Prodigy

Re: Port security, multiple MACS on multiple ports

No problem at all.

I will keep you posted, probably via a PM. Thanks

Message 4 of 4