From: Danny.Andaluz@triaton-na.com
Date: Mon Jul 07 2003 - 16:57:53 GMT-3
I was wondering how the switch decides what that 1 MAC address will be. I
think it's the first one it sees on the interface. How else would it know
what to allow if you don't specify a MAC address?
Danny
-----Original Message-----
From: John Matijevic [mailto:matijevi@bellsouth.net]
Sent: Monday, July 07, 2003 3:51 PM
To: John Humphrey; Andaluz, Danilo, Triaton/NA
Cc: ccielab@groupstudy.com
Subject: Re: port-security 3550
Hello,
It looks like from your scenario that you could use either protect or
restrict. And you will need port-security maximum 1 command to limit to one
mac-address. Sincerely, Matijevic
----- Original Message -----
From: "John Humphrey" <john.humphrey@txkisd.net>
To: <Danny.Andaluz@triaton-na.com>
Cc: <ccielab@groupstudy.com>
Sent: Monday, July 07, 2003 3:38 PM
Subject: Re: port-security 3550
> I think you need the following commands per DocCD. Check out this url
> as a reference:
> http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12113ea1/3550scg/swtrafc.htm#1038546
>
> int f0/x
> switchport port-security maximum 1 --> sets maximum # of learned MAC to 1
> switchport port-security mac-address xxxx.xxxx.xxxx --> R7's MAC
>
> This scenario would probably warrant the "switchport port-security
> violation restrict" or "switchport port-security violation protect".
> It just depends on whether or not you want an SNMP trap sent or not.
>
> Hope this helps.
>
> > Hello, Group. Quick question on port security.
> >
> > interface FastEthernet0/7
> > switchport port-security violation protect
> >
> > r7---cat3550
> >
> > Will the above config allow the port to only learn r7's MAC and none
> > other? Here's the requirement:
> >
> > Configure the port attached to R7 to only learn 1 MAC address. If
> > other devices are connected to this port, it should not be shut
> > down, but rather deny any communications from these new MAC's.
> >
> > I think the "protect" keyword prevents the port from being shutdown.
> > I'm confused about the part where it only learns R7's MAC. If
> > another device connects to this port, how does the switch know it's
> > not R7. I'm guessing it's dynamic, but is the above all that is
> > needed as far as configurations on the cat interface? Shouldn't the
> > command "switchport port-security" be added as well? I was looking
> > at the Doc CD, but it's not clear. I'm finding conflicting info.
> >
> > Thanks,
> > Danny
> >
> >
> > _______________________________________________________________________
> > You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Wed Aug 06 2003 - 06:52:27 GMT-3
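
The behaviour discussed in this thread, as an added example that is not part of any poster's message and is not Cisco's code: a simplified Python model of one access port, showing that the violation mode is inert until `switchport port-security` is enabled, that without a static entry the first source MAC seen takes the single slot, and how protect, restrict and shutdown differ. The `SecurePort` class, the `replay` helper and both MAC addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    enabled: bool = False        # "switchport port-security" entered on the interface?
    maximum: int = 1             # "switchport port-security maximum N"
    violation: str = "shutdown"  # protect | restrict | shutdown (shutdown is the default)
    static: frozenset = frozenset()  # "switchport port-security mac-address H.H.H"
    dynamic: set = field(default_factory=set)  # addresses learned from traffic
    violations: int = 0          # violation counter
    err_disabled: bool = False

    def receive(self, src_mac):
        """Return the fate of one frame carrying this source MAC."""
        if not self.enabled:
            return "forwarded"   # maximum/violation lines do nothing until enabled
        if self.err_disabled:
            return "dropped"
        if src_mac in self.static or src_mac in self.dynamic:
            return "forwarded"
        if len(self.static) + len(self.dynamic) < self.maximum:
            self.dynamic.add(src_mac)  # first unknown source takes the free slot
            return "forwarded"
        if self.violation == "protect":
            return "dropped"           # silent: no counter, no trap
        self.violations += 1           # restrict and shutdown both count and notify
        if self.violation == "shutdown":
            self.err_disabled = True
        return "dropped"

R7, OTHER = "0007.0707.0707", "00aa.bbcc.ddee"  # constructed sample MACs

def replay(port, frames):
    """Feed a sequence of source MACs to the port and collect the outcomes."""
    return [port.receive(mac) for mac in frames]

if __name__ == "__main__":
    cases = [
        ("violation protect only", SecurePort(violation="protect")),
        ("enabled, dynamic", SecurePort(enabled=True, violation="protect")),
        ("enabled, static R7", SecurePort(enabled=True, violation="protect",
                                          static=frozenset({R7}))),
    ]
    for name, port in cases:
        print(f"{name:24}", replay(port, [OTHER, R7, OTHER]))
```

With dynamic learning the port admits whichever device transmits first, so the static `mac-address` entry is what actually ties the port to R7.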