Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

Port Security Command

AAPP Toledo
Frequent Advisor

Port Security Command

Hi to All,

Anyone used/configured this command?

I need that ONLY 3 PC's reach a Printer. So...I configured this on my 5406zl but doesn't work:

AAPP-CPD1(eth-D17)# show port-security d17

Port Security

Port : D17
Learn Mode [Continuous] : Configured
Address Limit [1] : 4
Action [None] : Send Alarm

Authorized Addresses
--------------------
001372-763426 (PC)
001aa0-cf12be (PC)
00206b-c020c3
003005-c2d124 (PC)


Doesn't work 'cause not only the 3 MACs reach the Printer but all the people can reach the printer.

The problem can be that I include the Printer's MAC on the Port-Security command?

The printer is connected in the D17 port.


Thanks a lot in advance and greetings from Spain.


Mariano.

6 REPLIES
cenk sasmaztin
Honored Contributor

Re: Port Security Command

hi Mariano

port-security for connection security on switch or network
switch learn mac address or addresses on port and connect network

port-securtiy unable reachable or unreacable between host's

you need acl configuration
cenk

Ralf Krause
Frequent Advisor

Re: Port Security Command

Hi Mariano,

I agree with Cenk; port-security definitively is the wrong feature to achiev the desired communication limitation.

I would consider either ACLs (as suggested by Cenk), or - if you want to do it on an OSI level below 3 - think about source-port filtering.

You will find ACL documentation at:
http://cdn.procurve.com/training/Manuals/3500-5400-6200-6600-8200-ASG-Mar10-10-ACLs.pdf

Source-port-filtering is described here:
http://cdn.procurve.com/training/Manuals/3500-5400-6200-6600-8200-ASG-Mar10-12-TrafficSecFilters.pdf

(With both links, I assume ProVision based switches [yl/zl series])

Regards,
Ralf
AAPP Toledo
Frequent Advisor

Re: Port Security Command

Hi Cenk & Ralf,

Thanks for your answers.... but I've tried with ACLs but was impossible.... This is my ACL configured in a 5406zl:

10 permit ip 10.128.180.41 0.0.0.0 10.128.183.226 0.0.0.0
11 permit ip 10.128.180.105 0.0.0.0 10.128.183.226 0.0.0.0
20 permit ip 10.128.180.14 0.0.0.0 10.128.183.227 0.0.0.0
21 permit ip 10.128.180.12 0.0.0.0 10.128.183.227 0.0.0.0
40 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255

And it was applied to the VLAN:

vlan 180
name "PCs Impresoras"
untagged B1-B17,B19-B24,C1-C12,D1,D3,D5,D7,D12-D13,D17
ip address 10.128.180.8 255.255.252.0
tagged Trk1-Trk5,Trk10
ip access-group "Firewall Impresoras" in
ip access-group "Firewall Impresoras" out
exit

What's wrong?

Many many thanks in advance for your answers & greetings from Madrid.

Mariano.

cenk sasmaztin
Honored Contributor

Re: Port Security Command

please send me sh run print your 5400 switch
cenk

AAPP Toledo
Frequent Advisor

Re: Port Security Command

Hi Cenk,

Thanks a lot for your time and your patience. I send you a attached (TXT file) with the configuration of my 5406zl.

Thanks in advance.


Mariano.
AAPP Toledo
Frequent Advisor

Re: Port Security Command

Hi Cenk...

Any news??

Thanks in advance...


Mariano.