From: Oliver Ziltener (ziltener@netcloud.ch)
Date: Sun Jul 20 2003 - 11:32:23 GMT-3
Has really nobody the same experience?
-----Urspr|ngliche Nachricht-----
Von: Oliver Ziltener
Gesendet: Freitag, 18. Juli 2003 11:46
An: ccielab@groupstudy.com
Cc: Oliver Ziltener
Betreff: Portsecurity: different behavior on Cat3550/Cat4506(SupIV)
Hello
I found out yesterday, that these both products handle port-sequrity
different.
On both I config these lines:
switchport
switchport access vlan 2
switchport mode access
spanning-tree bpduguard enable
switchport port-security
switchport port-security maximum 1
switchport port-security violation restrict
spanning-tree portfast
Cat3550(EMI): when more than one MAC-Address is learned , the switch send a
syslog-message and increase the violation counter (show port-security).
The PC with the second MAC-Address is blocked. On these box I have 3
configuration violation options: protect, restrict, shutdown
Cat4506 with SupIV: when more than one MAC-Address is learned, the Switch
increase only the violation counter and does not send syslog messages!
The PC with the second MAC-Address is blocked. On these box I have only 2
configuration violation options: shutdown and restrict.
Anyway, in the cisco manual stands the the default maximum mac-addresse are
128. I think it is 1, because the line "switchport port-security maximum 1"
disappear when u are doing show config.
Has anybody outside done the same experiance?
I would like that the 4506 act similar (incl. sending syslog) as the 3550! Is
there a way to do that.
thanks for feedback
Oliver
This archive was generated by hypermail 2.1.4 : Wed Aug 06 2003 - 06:52:46 GMT-3