From: Emad (emad@zakq8.com)
Date: Sun Jun 22 2003 - 01:41:55 GMT-3
Thanx a lot
-----Original Message-----
From: Volkov, Dmitry (IDS Canada) [mailto:dmitry_volkov@ca.ml.com]
Sent: Sunday, June 22, 2003 7:17 AM
To: 'Emad '; 'John Matijevic'
Cc: ccielab@groupstudy.com
Subject: RE: CAT3550: switchport port-security
Hope it helps:
s3550#sh run int fa0/1
!
interface FastEthernet0/1
switchport access vlan 10
no ip address
end
!
s3550#conf t
Enter configuration commands, one per line. End with CNTL/Z.
s3550(config)#int fa0/1
s3550(config-if)#sw
s3550(config-if)#switchport po
s3550(config-if)#switchport port-security
FastEthernet0/1 is a dynamic port. Port-security parameters can not be set.
s3550(config-if)#switchport mode access
s3550(config-if)#switchport port-security
s3550(config-if)#^Z
s3550#sh port-sec
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)         (Count)
---------------------------------------------------------------------------
      Fa0/1        1             1               0          Shutdown
---------------------------------------------------------------------------
Total Addresses in System : 1
Max Addresses limit in System : 128
!
s3550#sh run int fa0/1
Building configuration...
Current configuration : 125 bytes
!
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
switchport port-security
no ip address
end
!
s3550#wr mem
Building configuration...
[OK]
s3550#sh start | be 0/1
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
switchport port-security
no ip address
!
s3550#conf t
Enter configuration commands, one per line. End with CNTL/Z.
s3550(config)#int fa0/1
s3550(config-if)#switchport port-security mac-address sticky
s3550(config-if)#^Z
s3550#sh run int fa0/1
Building configuration...
Current configuration : 230 bytes
!
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address sticky 0050.3ef0.d6c0   <----- LEARNED !!!
no ip address
end
s3550#sh start | be 0/1
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
switchport port-security
no ip address
!
s3550#wr mem
Building configuration...
[OK]
s3550#sh start | be 0/1
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address sticky 0050.3ef0.d6c0
no ip address
Dmitry
> -----Original Message-----
> From: Emad [mailto:emad@zakq8.com]
> Sent: Monday, June 16, 2003 2:34 PM
> To: 'John Matijevic'
> Cc: ccielab@groupstudy.com
> Subject: RE: CAT3550: switchport port-security
>
>
> Thanx a lot John, but I'm afraid I didn't catch sticky configuration yet,
> I put one router on fa0/4 and its MAC address was learned dynamically of
> course and the configuration of that interface was:
>
> interface FastEthernet0/4
> switchport access vlan 10
> switchport port-security maximum 5
> switchport port-security mac-address sticky
> no ip address
>
> Am I right in this configuration? And I don't understand the statement
> talking about how I will see the MAC address in the running
> configuration. I already did sh run but I didn't see anything. Please
> explain with an example of your own.
>
> thanx
>
> -----Original Message-----
> From: John Matijevic [mailto:matijevi@bellsouth.net]
> Sent: Monday, June 16, 2003 9:15 PM
> To: Emad ; ccielab@groupstudy.com
> Subject: Re: CAT3550: switchport port-security
>
> Hello,
> I hope this information below helps you understand as it did for me.
> Sincerely,
> Matijevic
>
> A secure port can have from 1 to 132 associated secure addresses. After
> you have set the maximum number of secure MAC addresses on a port, the
> secure addresses are included in an address table in one of these ways:
>
>   * You can configure all secure MAC addresses by using the switchport
>     port-security mac-address mac-address interface configuration
>     command.
>   * You can allow the port to dynamically configure secure MAC addresses
>     with the MAC addresses of connected devices.
>   * You can configure a number of addresses and allow the rest to be
>     dynamically configured.
>
> Once the maximum number of secure MAC addresses is configured, they are
> stored in an address table. Setting a maximum number of addresses to one
> and configuring the MAC address of an attached device ensures that the
> device has the full bandwidth of the port.
>
> The switch supports these types of secure MAC addresses:
>
>   * Static secure MAC addresses - These are manually configured by using
>     the switchport port-security mac-address mac-address interface
>     configuration command, stored in the address table, and added to the
>     switch running configuration.
>   * Dynamic secure MAC addresses - These are dynamically configured,
>     stored only in the address table, and removed when the switch
>     restarts.
>   * Sticky secure MAC addresses - These are dynamically configured,
>     stored in the address table, and added to the running configuration.
>     If these addresses are saved in the configuration file, when the
>     switch restarts, the interface does not need to dynamically
>     reconfigure them.
>
> You can configure an interface to convert the dynamic MAC addresses to
> sticky secure MAC addresses and to add them to the running configuration
> by enabling sticky learning. To enable sticky learning, enter the
> switchport port-security mac-address sticky interface configuration
> command. When you enter this command, the interface converts all the
> dynamic secure MAC addresses, including those that were dynamically
> learned before sticky learning was enabled, to sticky secure MAC
> addresses. The interface adds all the sticky secure MAC addresses to the
> running configuration.
>
> The sticky secure MAC addresses do not automatically become part of the
> configuration file, which is the startup configuration used each time the
> switch restarts. If you save the sticky secure MAC addresses in the
> configuration file, when the switch restarts, the interface does not need
> to relearn these addresses. If you do not save the sticky secure
> addresses, they are lost
>
> ----- Original Message -----
> From: "Emad " <emad@zakq8.com>
> To: <ccielab@groupstudy.com>
> Sent: Monday, June 16, 2003 1:26 PM
> Subject: CAT3550: switchport port-security
>
>
> > Folks,
> > I read the DOC CD about this command switchport port-security sticky
> > but I didn't catch the idea behind this command exactly?
> > Please can anyone explain it more clearly
> >
> > thanx
> >
> >
> >
> > _______________________________________________________________________
> > You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Fri Jul 04 2003 - 11:11:05 GMT-3
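
Added example, not part of the original thread: a small Python check over saved "show running-config" and "show startup-config" text that reports the two situations the thread walks through, namely sticky secure MAC addresses that exist only in the running configuration, and interfaces that carry port-security options without "switchport mode access" or without the enabling "switchport port-security" line. The function names and finding strings are assumptions of this example; the sample configurations are constructed from the interface blocks quoted in the thread.

```python
import re
STICKY_MAC = re.compile(
    r"^switchport port-security mac-address sticky ((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})$", re.I)

def parse_interfaces(config_text):
    """Map interface name -> its config lines ('!' or 'end' closes a block)."""
    interfaces, current = {}, None
    for line in (raw.strip() for raw in config_text.splitlines()):
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line in ("!", "end"):
            current = None
        elif line and current is not None:
            interfaces[current].append(line)
    return interfaces

def sticky_macs(lines):
    return {m.group(1).lower() for m in map(STICKY_MAC.match, lines) if m}

def audit(running_text, startup_text):
    """Return (interface, finding) pairs for port-security problems."""
    running, startup = parse_interfaces(running_text), parse_interfaces(startup_text)
    findings = []
    for name, lines in running.items():
        if not any(l.startswith("switchport port-security") for l in lines):
            continue  # no port-security settings on this port
        if "switchport mode access" not in lines:
            findings.append((name, "no 'switchport mode access'"))
        if "switchport port-security" not in lines:
            findings.append((name, "port-security options set but feature not enabled"))
        unsaved = sticky_macs(lines) - sticky_macs(startup.get(name, []))
        findings += [(name, f"sticky MAC {mac} not in startup-config") for mac in sorted(unsaved)]
    return findings

# Constructed sample input, assembled from the configurations quoted in the thread.
RUNNING = """interface FastEthernet0/1
switchport access vlan 10
switchport mode access
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address sticky 0050.3ef0.d6c0
!
interface FastEthernet0/4
switchport access vlan 10
switchport port-security maximum 5
switchport port-security mac-address sticky
end"""
STARTUP = RUNNING.replace("switchport port-security mac-address sticky 0050.3ef0.d6c0\n", "")
```

Calling audit(RUNNING, STARTUP) returns one finding for FastEthernet0/1 (the learned address is not yet saved) and two for FastEthernet0/4; passing the same text for both arguments models the state after "wr mem".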