From: John Humphrey (john.humphrey@txkisd.net)
Date: Mon Jul 07 2003 - 16:38:30 GMT-3
I think you need the following commands per DocCD. Check out this url as
a reference:
http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12113ea1/3550scg/swtrafc.htm#1038546
int f0/x
switchport port-security maximum 1 --> sets maximum # of learned MAC to 1
switchport port-security mac-address xxxx.xxxx.xxxx --> R7's MAC
This scenario would probably warrant the "switchport port-security
violation restrict" or "switchport port-security violation protect". It
just depends on whether or not you want an SNMP trap sent.
Hope this helps.
> Hello, Group. Quick question on port security.
>
> interface FastEthernet0/7
> switchport port-security violation protect
>
> r7---cat3550
>
> Will the above config allow the port to only learn r7's MAC and none
> other? Here's the requirement:
>
> Configure the port attached to R7 to only learn 1 MAC address. If
> other devices are connected to this port, it should not be shut down,
> but rather deny any communications from these new MACs.
>
> I think the "protect" keyword prevents the port from being shut down.
> I'm confused about the part where it only learns R7's MAC. If another
> device connects to this port, how does the switch know it's not R7?
> I'm guessing it's dynamic, but is the above all that is needed as far
> as configurations on the cat interface? Shouldn't the command
> "switchport port-security" be added as well? I was looking at the Doc
> CD, but it's not clear. I'm finding conflicting info.
>
> Thanks,
> Danny
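The interface configuration discussed in this thread, as an added example that is not part of either post: the stanza from the question beside a complete one for the stated requirement. It assumes R7 is on FastEthernet0/7 as in the question and that the port is an access port; xxxx.xxxx.xxxx is the placeholder used in the reply, not a real address.

```cisco
! Constructed example for a Catalyst 3550.
!
! As posted in the question. This sets only the violation action;
! port security stays inactive until "switchport port-security"
! itself is configured on the interface.
interface FastEthernet0/7
 switchport port-security violation protect
!
! Complete form for "learn 1 MAC, do not shut down, drop the rest".
interface FastEthernet0/7
 ! Port security cannot be enabled on a dynamic port.
 switchport mode access
 ! Enables the feature (defaults: maximum 1, violation shutdown).
 switchport port-security
 switchport port-security maximum 1
 ! protect  = drop frames from unknown MACs, no notification.
 ! restrict = drop, increment the violation counter, send SNMP trap.
 switchport port-security violation protect
 ! Optional: without this line the first source MAC seen on the port
 ! is learned dynamically and becomes the one secure address.
 ! switchport port-security mac-address xxxx.xxxx.xxxx
!
! Verify from privileged exec:
!   show port-security interface FastEthernet0/7
!   show port-security address
```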
This archive was generated by hypermail 2.1.4 : Wed Aug 06 2003 - 06:52:27 GMT-3