Re: Port-Secure

From: Balaji Siva (bsivasub@gmail.com)
Date: Mon Feb 14 2005 - 17:04:52 GMT-3

• Next message: 22Cent@gmail.com: "Re: Remotely Accesing Lab"
• Previous message: James Matrisciano: "RE: Remotely Accesing Lab"
• Maybe in reply to: gladston@br.ibm.com: "Port-Secure"
• Next in thread: Brian Dennis: "RE: Port-Secure"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Actually, there should have been an error message stating which mac
address caused the violation. You can just look at that and go from
there.

Balaji

On Mon, 14 Feb 2005 15:03:27 -0500, Brian Dennis
<bdennis@internetworkexpert.com> wrote:
> HSRP for one:
>
> R1:
> interface Ethernet0/0
> description - VLAN 19 to the PIX and IDS
> ip address 183.1.19.1 255.255.255.0
> half-duplex
> standby 1 ip 183.1.19.254
> end
>
> Rack1SW1#sho arp | in Vlan19
> Internet 183.1.19.254 2 0000.0c07.ac01 ARPA Vlan19
> Internet 183.1.19.7 - 000a.f4f3.e780 ARPA Vlan19
> Internet 183.1.19.1 0 00d0.586e.b720 ARPA Vlan19
> Rack1SW1#
> Rack1SW1#sho mac-a int fa0/1 <-- Port R1 is connected to
> Mac Address Table
> -------------------------------------------
>
> Vlan Mac Address Type Ports
> ---- ----------- -------- -----
> 19 0000.0c07.ac01 DYNAMIC Fa0/1
> 19 00d0.586e.b720 DYNAMIC Fa0/1
> Total Mac Addresses for this criterion: 2
> Rack1SW1#
>
> Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
>
> bdennis@internetworkexpert.com
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987
> Direct: 775-745-6404 (Outside the US and Canada)
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> gladston@br.ibm.com
> Sent: Monday, February 14, 2005 11:17 AM
> To: ccielab@groupstudy.com
> Subject: Port-Secure
>
> Have you ever had a problem with port-secure blocking a port where just
> one router was connected?
>
> I had this problem last year, but trying to reproduce it without
> success.
> The configuration was:
>
> Rx---cat
>
> on cat:
> int fast 0/3
> switchport mode access
> switchport access vlan 12
> switchport port-secure
> switchport port-security mac-address 0001.42bb.9512
>
> I am wondering what protocol could be sourcing frames with a diferent
> Mac on vlan 12 that would cause CAT to block the port.
>
> Any feedback appreciated.
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: 22Cent@gmail.com: "Re: Remotely Accesing Lab"
• Previous message: James Matrisciano: "RE: Remotely Accesing Lab"
• Maybe in reply to: gladston@br.ibm.com: "Port-Secure"
• Next in thread: Brian Dennis: "RE: Port-Secure"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Mar 03 2005 - 08:51:20 GMT-3