We have 2 ProCurve switches, a 2610-48-PWR and a 2610-24-PWR. I want to lock down the ports to allow only the MAC addresses that we choose to connect to the switches. If it is not an approved MAC address, it would not be able to connect. Is this possible? I thought I read in the specs that it is, but haven't been able to figure it out. Any help would be appreciated.
with this command all port learn dynamically each mac address on port and only one mac address permision and if connect any other mac address on port port turn disable status
3-802.1x mac authentication
very secure and very flexible 802.1x operation running with radius server any client connect any port with mac authentication if connect request authorized mac address radius server approve connection on switch port
Thanks so much for your reply, that was great. Do you type those commands in the config file for the switch? I was sort of confused on that.
This is a little different question, but are you able to configure a specific port to only allow internet connection and no network access? Would that have to be a seperate VLAN?
with this command all port learn dynamically each mac address on port and only one mac address permision and if connect any other mac address on port port turn disable status
switch learn dynamically at the moment connection mac address on port and this mac address sensible authorized mac address if connect any other mac address on this port port is trun disable state
you must be turn port enable state with manuel command (eth-13)# enable
in this way unauthorized pc unable connect your switch
important note:on uplink port (switch to switch ) don't port security config
your questions
yes it is possible each port able sperate other port with source port filter command no need vlan config)# filter source-port 1 drop 2-23 with this command port 1 between port 2 to 23 connection drop port 1 permit connection only interface 24 if you connect interface 24 internet router port 1 user only comminication internet router unable connection other pc
Thanks again for your reply. If I understand you right, #2 allows you to have list of approved MAC addresses and if not one listed, the port will be turned off. Is that correct, or do you have to have a certain MAC address in a certain port? Also, where do you add this command at? In the switches config file.
