03-06-2024 09:18 AM
How do I configure switch port mac security on a switch connected to a Ruckus R550 Access Point without the switch learning the mac addresses of devices connected to the access point?
03-18-2024 09:04 AM - edited 03-18-2024 09:04 AM
Hi Dejeh1,
Adding on to the details shared, based on the requirements, where:
> if the operation is that on a port only the connected [ specific ] AP should work
> any other device or AP should be blocked on that given port.
> clients connected to the permitted AP should pass through with no second authentication or security check on the switch.
Then you could go for mac-auth for the APs on the said ports where APs are/would be connected, where only the permitted APs will be allowed to connect across. Any other device on that port won't be allowed, and with single-host mode only the AP will be authenticated; the rest of the clients coming off the AP will be able to go through with no issues.
Link for further reading on the single-host auth mode:
https://docs.commscope.com/bundle/fastiron-08095-securityguide/page/GUID-55419E4A-017B-42A1-9BC0-F30...
The same can be scaled to be applied to the rest of the ports as well if necessary, or to selected ports only, with the rest configured as needed.
Here, however, the MAC learning will still happen for all device(s) communicating via that port; however, the communication will only work given the AP connected is allowed via the auth.
Let us know your thoughts on the matter.
03-08-2024 08:47 AM
Hi Dejeh1,
Thank you for reaching us.
"What I'm trying to achieve is a situation where only the First Access point connected to that switch port Mac address will be learned by the switch, if another Access point is connected to that same switch port it will block. But so far, the switch port learns both the Access point Mac address and every user connected to the Access point Mac address and we don't want this."
Based on the above statement, below is what I could understand.
I suppose the above would be difficult to achieve; below is the reason why.
If you want only one AP to be used per switch, you can connect only one AP, and the remaining free ports you can choose to disable so that when a user connects another AP he would have no access to the network. And on ports where you have a wired connection to a PC or other device which is not an AP device, you can configure secure-mac-address max 1 per port.
I hope this helps.
Thanks