RE: Port security

From: Jason Sinclair (sinclairj@xxxxxxxxxxxxxxx)
Date: Sun Aug 18 2002 - 22:40:33 GMT-3


Rick,

I agree - also you can send this to the Cisco CCIE email address to ensure
that action is taken.

Regards,

Jason Sinclair CCIE #9100
Manager, Network Control Centre
POWERTEL
55 Clarence Street,
SYDNEY NSW 2000
AUSTRALIA
office: + 61 2 8264 3820
mobile: + 61 416 105 858
email: sinclairj@powertel.com.au

 -----Original Message-----
From: Bauer, Rick [mailto:BAUERR@toysrus.com]
Sent: Friday, 16 August 2002 23:05
To: 'ccielab@groupstudy.com'
Subject: FW: Port security

This is the kind of "S" that F!@#$ing burns me up! Please read this thread. I
truly hope Cisco is listening!

Rick, #9482

-----Original Message-----
From: Bauer, Rick
Sent: Friday, August 16, 2002 9:01 AM
To: 'Gary Gerofsky'
Subject: RE: Port security

That is exactly why I am not going to help, this is a F##$ing violation of NDA.
Do not cheapen what so many of us have worked so hard for. I can't believe
that you would even ask something like this. I'm done, do not even bother to
contact me again.

-----Original Message-----
From: Gary Gerofsky [mailto:ggerofsky@yahoo.com]
Sent: Friday, August 16, 2002 8:38 AM
To: Bauer, Rick
Subject: RE: Port security

Rick,
Do not pass this on. I am unable to find the solution
which is why I am asking.

This is how I remember the question, and it was worth
like 5 marks and I failed by 1-2 marks so I do not
want to fail on this topic at the least.

You need to connect a Sniffer, security is critical
for the user. The Sniffer does not transmit any
packets, it has a mac-address of 00-50-8b-5d-6b-25
and ip address of 156.10.1.100. Configure the switch
appropriately. I am not sure if you had to span a
VLAN or just one port to the span port but that is
easy.

Obviously the IP and mac are picked out of air. I do
not remember the real ones.

What I did was apply both port security and SPAN.
Later I found out from CCO that the two are exclusive, so I
know I lost all 5 marks here for sure.

--- "Bauer, Rick" <BAUERR@toysrus.com> wrote:
> I know the answer, what I meant was why don't you
> want me to forward the question. It seems kind of
> sketchy to me.
>
> Rick, #9482
>
> -----Original Message-----
> From: Gary Gerofsky [mailto:ggerofsky@yahoo.com]
> Sent: Tuesday, August 13, 2002 5:18 PM
> To: Bauer, Rick
> Subject: RE: Port security
>
>
> Thought you might know the answer
> --- "Bauer, Rick" <BAUERR@toysrus.com> wrote:
> > Why?
> >
> > -----Original Message-----
> > From: Gary Gerofsky [mailto:ggerofsky@yahoo.com]
> > Sent: Sunday, August 11, 2002 7:03 PM
> > To: BAUERR@toysrus.com
> > Subject: Port security
> >
> >
> > Hi Rick,
> > Please do not forward this question to anyone. I
> > have
> > not been able to figure this out.
> > What if the question was
> > You have a span port and you are provided a MAC
> > address + IP address.
> > The sniffer does not broadcast any packet.
> > Configure the Catalyst.
> >
> > How the hell do you do this?
> > SPAN + port security do not work together.
> >
> >
> > -----Original Message-----
> > From: Bauer, Rick [mailto:BAUERR@toysrus.com]
> > Sent: Tuesday, July 23, 2002 7:15 AM
> > To: 'ajitmohanraj'; Johnny Peterson
> > Cc: ccielab@groupstudy.com
> > Subject: RE: Catalyst 5000 Port Security
> >
> >
> > One way to accomplish this would be to use a
> > combination of port security and a static arp entry.
> > Port Security associates the mac with the port and
> > the static arp would associate the ip address with
> > the mac, done. HTH...
> >
> > Rick, #9482
> >
> > -----Original Message-----
> > From: ajitmohanraj [mailto:ajitmohanraj@vsnl.com]
> > Sent: Tuesday, July 23, 2002 2:13 AM
> > To: Johnny Peterson
> > Cc: ccielab@groupstudy.com
> > Subject: Fw: Catalyst 5000 Port Security
> >
> >
> > follow the example of the vlan-name "purple" and
> > watch how it ties up the
> > Mac address -> To Vlan name -> To Ip address -> To
> > port at the end under the VLAN Port Policies !!
> >
> > Or am I missing something ???
> > ----- Original Message -----
> > From: "ajitmohanraj" <ajitmohanraj@vsnl.com>
> > To: "Johnny Peterson" <johnny@virtualrack.net>
> > Cc: <ccielab@groupstudy.com>
> > Sent: Tuesday, July 23, 2002 11:30 AM
> > Subject: Re: Catalyst 5000 Port Security
> >
> >
> > > Could you not work something out with the VMPS
> > > Database ...specifically under the VLAN PORT POLICIES
> > > (as indicated towards the end of this sample file eg) ??
> > > I think that would answer the question sought
> > >
> > > Regards
> > > Ajit
> > >
> > >
> > > VMPS Database Configuration File Example
> > > This example shows a sample VMPS database
> > > configuration file. A VMPS database configuration file
> > > is an ASCII text file that is stored on a TFTP server
> > > accessible to the switch that functions as the VMPS server.
> > >
> > > !vmps domain <domain-name>
> > > ! The VMPS domain must be defined.
> > > !vmps mode { open | secure }
> > > ! The default mode is open.
> > > !vmps fallback <vlan-name>
> > > !vmps no-domain-req { allow | deny }
> > > !
> > > ! The default value is allow.
> > > vmps domain WBU
> > > vmps mode open
> > > vmps fallback default
> > > vmps no-domain-req deny
> > > !
> > > !
> > > !MAC Addresses
> > > !
> > > vmps-mac-addrs
> > > !
> > > ! address <addr> vlan-name <vlan_name>
> > > !
> > > address 0012.2233.4455 vlan-name hardware
> > > address 0000.6509.a080 vlan-name hardware
> > > address aabb.ccdd.eeff vlan-name Green
> > > address 1223.5678.9abc vlan-name ExecStaff
> > > address fedc.ba98.7654 vlan-name --NONE--
> > > address fedc.ba23.1245 vlan-name Purple
> > > !
> > > !Port Groups
> > > !
> > > !vmps-port-group <group-name>
> > > ! device <device-id> { port <port-name> | all-ports }
> > > !
> > > vmps-port-group WiringCloset1
> > > device 198.92.30.32 port 3/2
> > > device 172.20.26.141 port 2/8
> > > vmps-port-group "Executive Row"
> > > device 198.4.254.222 port 1/2
> > > device 198.4.254.222 port 1/3
> > > device 198.4.254.223 all-ports
> > > !
> > > !
> > > !VLAN groups
> > > !
> > > !vmps-vlan-group <group-name>
> > > ! vlan-name <vlan-name>
> > > !
> > > vmps-vlan-group Engineering
> > > vlan-name hardware
> > > vlan-name software
> > > !
> > > !
> > > !VLAN port Policies
> > > !
> > > !vmps-port-policies {vlan-name <vlan_name> | vlan-group <group-name> }
> > > ! { port-group <group-name> | device <device-id> port <port-name> }
> > > !
> > > vmps-port-policies vlan-group Engineering
> > > port-group WiringCloset1
> > > vmps-port-policies vlan-name Green
> > > device 198.92.30.32 port 4/8
> > > vmps-port-policies vlan-name Purple
> > > device 198.4.254.22 port 1/2
> > > port-group "Executive Row"
> > >
> > >
> > > ----- Original Message -----
> > > From: "Johnny Peterson" <johnny@virtualrack.net>
> > > To: <ccielab@groupstudy.com>
> > > Sent: Tuesday, July 23, 2002 7:16 AM
> > > Subject: RE: Catalyst 5000 Port Security
> > >
> > >
> > > > Port security on the Cat 5000/5500 series is
> > > > restricted to Layer 2, which means you will only
> > > > be able to restrict by MAC address.
> > > >
> > > > Regards,
> > > > JP
> > > >
> > > > -----Original Message-----
> > > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> > > > alex fayn
> > > > Sent: Monday, July 22, 2002 7:50 PM
> > > > To: ccielab@groupstudy.com
> > > > Subject: Catalyst 5000 Port Security
> > > >
> > > >
> > > > Is it possible to restrict catalyst ports to
> > > > specific ip addresses in addition to specific MAC addresses?
>
=== message truncated ===
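The VMPS database file quoted by Ajit above is the part of this thread that actually does the MAC -> VLAN name -> port mapping he describes, so here is a small parser for that file format together with the lookup a VMPS server performs. This is an added example written for this archive page; it is not code from the thread, from Cisco or from any of the posters. The sample database is an abridged copy of the one quoted in the thread (constructed here as a string), and the lookup semantics are a simplified reading of the file: `vmps-mac-addrs` maps a MAC to a VLAN name, `--NONE--` bars the MAC, an unknown MAC gets the `vmps fallback` VLAN if one is set, and if any `vmps-port-policies` entry covers the requesting switch port, the MAC's VLAN must be one of the VLANs that policy names (in `secure` mode a denied request is also treated as shutting the port down). Note that the IP addresses in the file are the `device <device-id>` addresses of the client switches, not of end hosts, which matches Johnny Peterson's point that this is all Layer 2 keyed on the MAC.

```python
import shlex

# Constructed sample, abridged from the VMPS database file quoted in the thread.
SAMPLE_VMPS_DB = """\
vmps domain WBU
vmps mode open
vmps fallback default
! MAC address -> VLAN name
vmps-mac-addrs
address 0012.2233.4455 vlan-name hardware
address aabb.ccdd.eeff vlan-name Green
address fedc.ba98.7654 vlan-name --NONE--
address fedc.ba23.1245 vlan-name Purple
vmps-port-group WiringCloset1
device 198.92.30.32 port 3/2
vmps-port-group "Executive Row"
device 198.4.254.222 port 1/3
device 198.4.254.223 all-ports
vmps-vlan-group Engineering
vlan-name hardware
vlan-name software
vmps-port-policies vlan-group Engineering
port-group WiringCloset1
vmps-port-policies vlan-name Green
device 198.92.30.32 port 4/8
vmps-port-policies vlan-name Purple
port-group "Executive Row"
"""

def normalize_mac(mac):
    """Accept 0012.2233.4455, 00-12-22-33-44-55 or 00:12:... and return 12 lowercase hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return digits

def parse_vmps(text):
    """Return the global settings plus the MAC, port-group, VLAN-group and policy tables."""
    db = {"domain": None, "mode": "open", "fallback": None, "no_domain_req": "allow",
          "mac_to_vlan": {}, "port_groups": {}, "vlan_groups": {}, "policies": []}
    kind, target = None, None  # block the current line belongs to, and the table it fills
    for raw in text.splitlines():
        tok = shlex.split(raw.split("!", 1)[0])  # '!' starts a comment; quoted names stay whole
        if not tok:
            continue
        if tok[0] == "vmps":  # global setting: domain, mode, fallback, no-domain-req
            db[tok[1].replace("-", "_")] = tok[2]
        elif tok[0] == "vmps-mac-addrs":
            kind, target = "mac", db["mac_to_vlan"]
        elif tok[0] == "vmps-port-group":
            kind, target = "port-group", db["port_groups"].setdefault(tok[1], [])
        elif tok[0] == "vmps-vlan-group":
            kind, target = "vlan-group", db["vlan_groups"].setdefault(tok[1], [])
        elif tok[0] == "vmps-port-policies":  # selector is ("vlan-name", X) or ("vlan-group", G)
            policy = {"selector": (tok[1], tok[2]), "ports": []}
            db["policies"].append(policy)
            kind, target = "policy", policy["ports"]
        elif tok[0] == "address" and kind == "mac":
            target[normalize_mac(tok[1])] = tok[3]
        elif tok[0] == "device" and kind in ("port-group", "policy"):
            target.append(("device", tok[1], "all-ports" if tok[2] == "all-ports" else tok[3]))
        elif tok[0] == "port-group" and kind == "policy":
            target.append(("group", tok[1]))  # expanded when the policy is evaluated
        elif tok[0] == "vlan-name" and kind == "vlan-group":
            target.append(tok[1])
        else:
            raise ValueError(f"unexpected line: {raw!r}")
    return db

def allowed_vlans(db, device, port):
    """VLAN names the policies permit on (device, port); None when no policy covers the port."""
    allowed = None
    for policy in db["policies"]:
        refs = [r for ref in policy["ports"]
                for r in (db["port_groups"].get(ref[1], []) if ref[0] == "group" else [ref])]
        if any(r[1] == device and r[2] in ("all-ports", port) for r in refs):
            allowed = set() if allowed is None else allowed
            kind, name = policy["selector"]
            allowed.update([name] if kind == "vlan-name" else db["vlan_groups"].get(name, []))
    return allowed

def resolve(db, device, port, mac):
    """Answer a VMPS request for mac seen on (device, port): returns (vlan or None, reason)."""
    vlan, source = db["mac_to_vlan"].get(normalize_mac(mac)), "database"
    if vlan is None:  # unknown MAC: only the fallback VLAN, if configured, can admit it
        if db["fallback"] is None:
            return None, "deny: MAC not in database and no fallback VLAN"
        vlan, source = db["fallback"], "fallback"
    if vlan == "--NONE--":
        return None, "deny: MAC explicitly barred with --NONE--"
    allowed = allowed_vlans(db, device, port)
    if allowed is not None and vlan not in allowed:
        action = "port shut down" if db["mode"] == "secure" else "request denied"
        return None, f"deny: VLAN {vlan} not permitted on {device} port {port} ({action})"
    return vlan, f"ok ({source})"
```

Running `resolve(parse_vmps(SAMPLE_VMPS_DB), "198.92.30.32", "3/2", "00-50-8b-5d-6b-25")` with the sniffer MAC from Gary's question shows what the file can and cannot do: the unknown MAC is denied on port 3/2 because the Engineering policy only permits `hardware` and `software` there, while on a switch port no policy covers it lands in the `default` fallback VLAN. Nothing in the lookup ever consults a host IP address, which is why the file alone does not answer alex fayn's original question about restricting by IP.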



This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:48:28 GMT-3