Re: port-security 3550

From: Cristian Henry H (chenry@reuna.cl)
Date: Mon Jul 07 2003 - 17:52:09 GMT-3

• Next message: Danny.Andaluz@triaton-na.com: "RE: port-security 3550"
• Previous message: Danny.Andaluz@triaton-na.com: "RE: port-security 3550"
• Maybe in reply to: Danny.Andaluz@triaton-na.com: "port-security 3550"
• Next in thread: Danny.Andaluz@triaton-na.com: "RE: port-security 3550"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Look this,

interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
 switchport port-security
 switchport port-security violation protect
 switchport port-security mac-address 0009.b7da.4140
!

with the configuration above, without config "maximun 1" works as
expected,

#sh port-security
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security
Action
                    (Count) (Count) (Count)
-------------------------------------------------------------------------------
     Fa0/1 1 1 4
Protect
-------------------------------------------------------------------------------
Total Addresses in System : 1
Max Addresses limit in System : 128

#sh mac-address-table interface f0/1
          Mac Address Table
------------------------------------------

Vlan Mac Address Type Ports
---- ----------- ---- -----
  10 0009.b7da.4140 STATIC Fa0/1
Total Mac Addresses for this criterion: 1

Danny.Andaluz@triaton-na.com ha escrito:
>
> Hello, Group. Quick question on port security.
>
> interface FastEthernet0/7
> switchport port-security violation protect
>
> r7---cat3550
>
> Will the above config allow the port to only learn r7's MAC and none other?
> Here's the requirement:
>
> Configure the port attached to R7 to only learn 1 MAC address. If other
> devices are connected to this port, it should not be shut down, but rather
> deny any communications from these new MAC's.
>
> I think the "protect" keyword prevents the port from being shutdown. I'm
> confused about the part where it only learns R7's MAC. If another device
> connects to this port, how does the switch know it's not R7. I'm guessing
> it's dynamic, but is the above all that is needed as far as configurations
> on the cat interface? Shouldn't the command "switchport port-security" be
> added as well? I was looking at the Doc CD, but it's not clear. I'm
> finding conflicting info.
>
> Thanks,
> Danny
>
> _______________________________________________________________________
> You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

-- 
Cristian E. Henry
REUNA
E-mail: chenry@reuna.cl
Fono: 56-2-3370336

• Next message: Danny.Andaluz@triaton-na.com: "RE: port-security 3550"
• Previous message: Danny.Andaluz@triaton-na.com: "RE: port-security 3550"
• Maybe in reply to: Danny.Andaluz@triaton-na.com: "port-security 3550"
• Next in thread: Danny.Andaluz@triaton-na.com: "RE: port-security 3550"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Aug 06 2003 - 06:52:27 GMT-3