OT: Port security - I Believe Thread Not Real.

From: Michael Snyder (msnyder@xxxxxxx)
Date: Mon Aug 19 2002 - 22:04:25 GMT-3


   
http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=Gary+Gerofsky+site%3Awww.groupstudy.com&btnG=Google+Search

Now do a google with your name or email address site:www.groupstudy.com

I got about 100 hits. Gary Gerofsky or his email address gets none.
Which leads me to believe that either Gary Gerofsky isn't a group member,
or Google has never spidered thru his message posts.

Furthermore, I'm not sure the issue named in the thread exists. It may,
but it's not in the main docs.

The whole thing reads like a high school misinformation campaign.

Don't trust this message thread nor the issues named in it.

Now back to studying.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Jason Sinclair
Sent: Sunday, August 18, 2002 8:41 PM
To: 'Bauer, Rick'; 'ccielab@groupstudy.com'
Subject: RE: Port security

Rick,

I agree - also you can send this to the cisco ccie email address to ensure
that action is taken.

Regards,

Jason Sinclair CCIE #9100
Manager, Network Control Centre
POWERTEL
55 Clarence Street,
SYDNEY NSW 2000
AUSTRALIA
office: + 61 2 8264 3820
mobile: + 61 416 105 858
email: sinclairj@powertel.com.au

 -----Original Message-----
From: Bauer, Rick [mailto:BAUERR@toysrus.com]
Sent: Friday, 16 August 2002 23:05
To: 'ccielab@groupstudy.com'
Subject: FW: Port security

This is the kind of "S" that F!@#$ing burns me up! Please read this thread. I
truly hope Cisco is listening!

Rick, #9482

-----Original Message-----
From: Bauer, Rick
Sent: Friday, August 16, 2002 9:01 AM
To: 'Gary Gerofsky'
Subject: RE: Port security

That is exactly why I am not going to help, this is a F##$ing violation of NDA.
Do not cheapen what so many of us have worked so hard for. I can't believe
that you would even ask some this. I'm done, do not even bother to contact
me again.

-----Original Message-----
From: Gary Gerofsky [mailto:ggerofsky@yahoo.com]
Sent: Friday, August 16, 2002 8:38 AM
To: Bauer, Rick
Subject: RE: Port security

Rick,
Do not pass this on. I am unable to find the solution
which is why I am asking.

This is how I remember the question, and it was worth
like 5 marks and I failed by 1-2 marks so I do not
want to fail on this topic at the least.

You need to connect a Sniffer, security is critical
for the user. The Sniffer does not transmit any
packets, it has a mac-address of 00-50-8b-5d-6b-25
and ip address of 156.10.1.100. Configure the switch
appropriately. I am not sure if you had to span a
VLAN or just one port to the span port but that is
easy.

Obviously the IP and mac are picked out of air. I do
not remember the real ones.

What I did is applied both port security and SPAN.
Later I found out from CCO the two are exclusive so I
know I lost all the 5 marks here for sure.

--- "Bauer, Rick" <BAUERR@toysrus.com> wrote:
> I know the answer, what I meant was why don't you want me to forward the
> question. It seems kind of sketchy to me.
>
> Rick, #9482
>
> -----Original Message-----
> From: Gary Gerofsky [mailto:ggerofsky@yahoo.com]
> Sent: Tuesday, August 13, 2002 5:18 PM
> To: Bauer, Rick
> Subject: RE: Port security
>
>
> Thought you might know the answer
> --- "Bauer, Rick" <BAUERR@toysrus.com> wrote:
> > Why?
> >
> > -----Original Message-----
> > From: Gary Gerofsky [mailto:ggerofsky@yahoo.com]
> > Sent: Sunday, August 11, 2002 7:03 PM
> > To: BAUERR@toysrus.com
> > Subject: Port security
> >
> >
> > Hi Rick,
> > Please do not forward this question to anyone. I have
> > not been able to figure this out.
> > What if the question was
> > You have a span port and you are provided a MAC
> > address + IP address.
> > The sniffer does not broadcast any packet.
> > Configure the Catalyst.
> >
> > How the hell do you do this?
> > SPAN + port security do not work together.
> >
> >
> > -----Original Message-----
> > From: Bauer, Rick [mailto:BAUERR@toysrus.com]
> > Sent: Tuesday, July 23, 2002 7:15 AM
> > To: 'ajitmohanraj'; Johnny Peterson
> > Cc: ccielab@groupstudy.com
> > Subject: RE: Catalyst 5000 Port Security
> >
> >
> > One way to accomplish this would be to use a combination of port security
> > and a static arp entry. Port Security associates the mac with the port and
> > the static arp would associate the ip address with the mac, done. HTH...
> >
> > Rick, #9482
> >
> > -----Original Message-----
> > From: ajitmohanraj [mailto:ajitmohanraj@vsnl.com]
> > Sent: Tuesday, July 23, 2002 2:13 AM
> > To: Johnny Peterson
> > Cc: ccielab@groupstudy.com
> > Subject: Fw: Catalyst 5000 Port Security
> >
> >
> > follow the example of the vlan-name "purple" and watch how it ties up the
> > Mac address -> To VLAN name -> To Ip address -> To port at the end under the
> > VLAN Port Policies !!
> >
> > Or am I missing something ???
> > ----- Original Message -----
> > From: "ajitmohanraj" <ajitmohanraj@vsnl.com>
> > To: "Johnny Peterson" <johnny@virtualrack.net>
> > Cc: <ccielab@groupstudy.com>
> > Sent: Tuesday, July 23, 2002 11:30 AM
> > Subject: Re: Catalyst 5000 Port Security
> >
> >
> > > Could you not work something out with the VMPS Database ...specifically
> > > under the VLAN PORT POLICIES (as indicated towards the end of this sample
> > > file eg) ?? I think that would answer the question sought
> > >
> > > Regards
> > > Ajit
> > >
> > >
> > > VMPS Database Configuration File Example
> > > This example shows a sample VMPS database configuration file. A VMPS
> > > database configuration file is an ASCII text file that is stored on a TFTP
> > > server accessible to the switch that functions as the VMPS server.
> > >
> > > !vmps domain <domain-name>
> > > ! The VMPS domain must be defined.
> > > !vmps mode { open | secure }
> > > ! The default mode is open.
> > > !vmps fallback <vlan-name>
> > > !vmps no-domain-req { allow | deny }
> > > !
> > > ! The default value is allow.
> > > vmps domain WBU
> > > vmps mode open
> > > vmps fallback default
> > > vmps no-domain-req deny
> > > !
> > > !
> > > !MAC Addresses
> > > !
> > > vmps-mac-addrs
> > > !
> > > ! address <addr> vlan-name <vlan_name>
> > > !
> > > address 0012.2233.4455 vlan-name hardware
> > > address 0000.6509.a080 vlan-name hardware
> > > address aabb.ccdd.eeff vlan-name Green
> > > address 1223.5678.9abc vlan-name ExecStaff
> > > address fedc.ba98.7654 vlan-name --NONE--
> > > address fedc.ba23.1245 vlan-name Purple
> > > !
> > > !Port Groups
> > > !
> > > !vmps-port-group <group-name>
> > > ! device <device-id> { port <port-name> | all-ports }
> > > !
> > > vmps-port-group WiringCloset1
> > > device 198.92.30.32 port 3/2
> > > device 172.20.26.141 port 2/8
> > > vmps-port-group "Executive Row"
> > > device 198.4.254.222 port 1/2
> > > device 198.4.254.222 port 1/3
> > > device 198.4.254.223 all-ports
> > > !
> > > !
> > > !VLAN groups
> > > !
> > > !vmps-vlan-group <group-name>
> > > ! vlan-name <vlan-name>
> > > !
> > > vmps-vlan-group Engineering
> > > vlan-name hardware
> > > vlan-name software
> > > !
> > > !
> > > !VLAN port Policies
> > > !
> > > !vmps-port-policies {vlan-name <vlan_name> | vlan-group <group-name> }
> > > ! { port-group <group-name> | device <device-id> port <port-name> }
> > > !
> > > vmps-port-policies vlan-group Engineering
> > > port-group WiringCloset1
> > > vmps-port-policies vlan-name Green
> > > device 198.92.30.32 port 4/8
> > > vmps-port-policies vlan-name Purple
> > > device 198.4.254.22 port 1/2
> > > port-group "Executive Row"
> > >
> > >
> > > ----- Original Message -----
> > > From: "Johnny Peterson" <johnny@virtualrack.net>
> > > To: <ccielab@groupstudy.com>
> > > Sent: Tuesday, July 23, 2002 7:16 AM
> > > Subject: RE: Catalyst 5000 Port Security
> > >
> > >
> > > > Port security on the Cat 5000/5500 series is restricted to Layer 2, which
> > > > means you will only be able to restrict by MAC address.
> > > >
> > > > Regards,
> > > > JP
> > > >
> > > > -----Original Message-----
> > > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of alex fayn
> > > > Sent: Monday, July 22, 2002 7:50 PM
> > > > To: ccielab@groupstudy.com
> > > > Subject: Catalyst 5000 Port Security
> > > >
> > > >
> > > > Is it possible to restrict catalyst ports to specific ip addresses in
> > > > addition to specific MAC addresses?
>
=== message truncated ===
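
Added example, not part of the original thread or of any vendor documentation: a small Python parser for the VMPS database format quoted above that resolves a MAC address to its VLAN and to the (device, port) pairs the port policies name for that VLAN. The function names and the abridged sample input are assumptions of this example; vlan-group policies are skipped, and how a switch enforces the result is outside its scope.

```python
import shlex

# Constructed input: abridged from the sample VMPS database quoted in the thread.
SAMPLE = """
vmps-mac-addrs
address aabb.ccdd.eeff vlan-name Green
address fedc.ba98.7654 vlan-name --NONE--
address fedc.ba23.1245 vlan-name Purple
vmps-port-group "Executive Row"
 device 198.4.254.222 port 1/2
 device 198.4.254.223 all-ports
vmps-port-policies vlan-name Green
 device 198.92.30.32 port 4/8
vmps-port-policies vlan-name Purple
 device 198.4.254.22 port 1/2
 port-group "Executive Row"
"""

def parse_vmps(text):
    """Return (mac -> vlan, port group -> ports, vlan -> policy entries)."""
    macs, groups, policies = {}, {}, {}
    cur = None  # list that the current stanza's indented lines append to
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # blank line or comment
        t = shlex.split(line)  # keeps quoted names such as "Executive Row" whole
        if t[0] == "address":
            macs[t[1].lower()] = t[3]
        elif t[0] == "vmps-port-group":
            cur = groups.setdefault(t[1], [])
        elif t[0] == "vmps-port-policies":
            # vlan-group policies land in a throwaway list (not resolved here)
            cur = policies.setdefault(t[2], []) if t[1] == "vlan-name" else []
        elif t[0] == "device" and cur is not None:
            cur.append((t[1], t[2] if t[2] == "all-ports" else t[3]))
        elif t[0] == "port-group" and cur is not None:
            cur.append(("port-group", t[1]))
    return macs, groups, policies

def ports_for_mac(macs, groups, policies, mac):
    """Resolve MAC -> VLAN -> set of (device, port) pairs named for that VLAN."""
    vlan = macs.get(mac.lower())
    ports = set()
    for dev, port in policies.get(vlan, []) if vlan != "--NONE--" else []:
        if dev == "port-group":
            ports.update(groups.get(port, []))  # expand the named port group
        else:
            ports.add((dev, port))
    return vlan, ports
```

Call it as `ports_for_mac(*parse_vmps(SAMPLE), "fedc.ba23.1245")`; a MAC mapped to `--NONE--` or absent from the file resolves to an empty port set.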



This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:48:30 GMT-3