From: Danny.Andaluz@triaton-na.com
Date: Mon Jul 07 2003 - 17:14:49 GMT-3
I looked in the config guide before posting. I always try to find the answer there first. Although sometimes, hearing protocol descriptions in people's own words help make the answers clearer.
Thanks,
Danny
-----Original Message-----
From: boby2kusa@hotmail.com [mailto:boby2kusa@hotmail.com]
Sent: Monday, July 07, 2003 4:07 PM
To: Andaluz, Danilo, Triaton/NA; matijevi@bellsouth.net; john.humphrey@txkisd.net
Cc: ccielab@groupstudy.com
Subject: Re: port-security 3550
no, the switch will learn the mac address dynamically.
the config guide the I and another responder sent you have all the answer to these questions.
----- Original Message -----
From: <Danny.Andaluz@triaton-na.com>
To: <matijevi@bellsouth.net>; <john.humphrey@txkisd.net>
Cc: <ccielab@groupstudy.com>
Sent: Monday, July 07, 2003 1:04 PM
Subject: RE: port-security 3550
> So if I don't specify a MAC address and only specify "switchport
port-security violation protect" and "switchport port-security maximum 1, the switch will ignore these commands?
>
> Danny
>
> -----Original Message-----
> From: John Matijevic [mailto:matijevi@bellsouth.net]
> Sent: Monday, July 07, 2003 3:56 PM
> To: Andaluz, Danilo, Triaton/NA; john.humphrey@txkisd.net
> Cc: ccielab@groupstudy.com
> Subject: Re: port-security 3550
>
>
> Hello,
> Again the switch would not know, you have to specify using the
> switchport
port-security mac-address.
> Sincerely,
> Matijevic
>
> ----- Original Message -----
> From: Danny.Andaluz@triaton-na.com
> <mailto:Danny.Andaluz@triaton-na.com>
> To: matijevi@bellsouth.net <mailto:matijevi@bellsouth.net> ;
john.humphrey@txkisd.net <mailto:john.humphrey@txkisd.net>
> Cc: ccielab@groupstudy.com <mailto:ccielab@groupstudy.com>
> Sent: Monday, July 07, 2003 3:57 PM
> Subject: RE: port-security 3550
>
>
> I was wondering how the switch decides what that 1 MAC address will
> be. I
think it's the first one it sees on the interface. How else would it know what to allow if you don't specify a MAC address?
>
> Danny
>
> -----Original Message-----
> From: John Matijevic [mailto:matijevi@bellsouth.net
<mailto:matijevi@bellsouth.net> ]
> Sent: Monday, July 07, 2003 3:51 PM
> To: John Humphrey; Andaluz, Danilo, Triaton/NA
> Cc: ccielab@groupstudy.com <mailto:ccielab@groupstudy.com>
> Subject: Re: port-security 3550
>
>
> Hello,
> It looks like from your scenerio that you could use either protect or
restrict. And you will need port-security maximum 1 command to limit to one mac-address. Sincerely, Matijevic
>
> ----- Original Message -----
> From: "John Humphrey" <john.humphrey@txkisd.net>
> To: <Danny.Andaluz@triaton-na.com>
> Cc: <ccielab@groupstudy.com>
> Sent: Monday, July 07, 2003 3:38 PM
> Subject: Re: port-security 3550
>
>
> > I think you need the following commands per DocCD. Check out this
> > url as a reference:
> > http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12113ea1/3
> > 55
<http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12113ea1/355>
> > 0scg
> > /swtrafc.htm#1038546
> >
> > int f0/x
> > switchport port-security maximum 1 --> sets maximum # of learned
> > MAC to 1 switchport port-security mac-address xxxx.xxxx.xxxx -->
> > R7's MAC
> >
> > This scenario would probably warrant the "switchport port-security
> > violation restrict" or "switchport port-security violation protect".
> > It just depends on whether or not you want an SNMP trap sent or not.
> >
> > Hope this helps.
> >
> > > Hello, Group. Quick question on port security.
> > >
> > > interface FastEthernet0/7
> > > switchport port-security violation protect
> > >
> > > r7---cat3550
> > >
> > > Will the above config allow the port to only learn r7's MAC and
> > > none other? Here's the requirement:
> > >
> > > Configure the port attached to R7 to only learn 1 MAC address. If
> > > other devices are connected to this port, it should not be shut
> > > down, but rather deny any communications from these new MAC's.
> > >
> > > I think the "protect" keyword prevents the port from being
> > > shutdown. I'm confused about the part where it only learns R7's
> > > MAC. If another device connects to this port, how does the switch
> > > know it's not R7. I'm guessing it's dynamic, but is the above all
> > > that is needed as far as configurations on the cat interface?
> > > Shouldn't the command "switchport port-security" be added as well?
> > > I was looking at the Doc CD, but it's not clear. I'm finding
> > > conflicting info.
> > >
> > > Thanks,
> > > Danny
> > >
> > >
> > > __________________________________________________________________
> > > __
> > > ___
> > > You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
> > >
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
<http://www.groupstudy.com/list/CCIELab.html>
> >
> >
> > ____________________________________________________________________
> > __
> > _
> > You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
<http://www.groupstudy.com/list/CCIELab.html>
>
>
> ______________________________________________________________________
> _
> You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Wed Aug 06 2003 - 06:52:27 GMT-3