From: Subhash P (subhashccie@gmail.com)
Date: Sat Jul 28 2007 - 15:49:00 ART
Hi,
I've got a requirement to allow only a certain mac-addresses on a 2960
switch which is placed in a common area of a satellite office. This is to
confine only the mac-addresses of the systems belonging to my employees will
be allowed any sort of network access and not to anyone else. I've got
around 45 ports on the switch to be used for this purpose and have 50
mac-addresses to be allowed.
I've first tried implementing simple port-security by taking one mac-address
and trying it to apply to all switchports. The switch returns the following
error:
Switch(config)#default int range fa0/47 - 48
Switch(config)#int range fa0/47 - 48
Switch(config-if-range)#switch
Switch(config-if-range)#switchport ports
Switch(config-if-range)#switchport port
Switch(config-if-range)#switchport port-security mac
Switch(config-if-range)#switchport port-security mac-address 0000.0000.0001
Found duplicate mac-address 0000.0000.0001.
% Interface range command failed for FastEthernet0/48
I tried the above configuration on a 2950 switch and am successful without
any error. But the 2960 switch is not allowing me to do. What am I doing
wrong here? Is there any better/alternative method for implementing mac
address based security here?
Thanks in advance,
Subhash.
This archive was generated by hypermail 2.1.4 : Sat Aug 18 2007 - 08:17:42 ART