08-10-2023 11:11 AM - edited 08-10-2023 11:13 AM
For a long time we've been using mac based port security because for the most part desktop pcs and Example of how we are doing it now:
enable mac-locking
enable mac-locking ports 1:2
configure mac-locking ports 1:2 first-arrival limit-learning 1
configure mac-locking ports 1:2 first-arrival link-down-action retain-macs
configure mac-locking ports 1:2 trap violation on
configure mac-locking ports 1:2 log violation on
configure mac-locking ports 1:2 learn-limit-action disable-port
I would like a list of mac's instead of a solid number. We are going to hotel type solution where anyone can just plug in. Maybe desk A has person A on it today, but person B on it tomorrow and person C on it the next day. They would just plug their laptop in to the usb-c dock to utilize the local monitors, kb/mouse and network.
Previously mac-locking worked fine because they were fixed desktop pc's that didn't move for 4 years or whenever they needed to be replaced.
Maybe even an policy file acl so if your not on our list you cant DHCP and get on the network?