RE: Port-Secure

From: Brian Dennis (bdennis@internetworkexpert.com)
Date: Mon Feb 14 2005 - 17:10:41 GMT-3


He was asking what type of configuration would cause this problem since
he can't recall what the cause was when it happened last. Kind of hard
to look at the error message if you can't recreate the problem ;-)

Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)

bdennis@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 775-745-6404 (Outside the US and Canada)

-----Original Message-----
From: Balaji Siva [mailto:bsivasub@gmail.com]
Sent: Monday, February 14, 2005 12:05 PM
To: Brian Dennis
Cc: gladston@br.ibm.com; ccielab@groupstudy.com
Subject: Re: Port-Secure

Actually, there should have been an error message stating which mac
address caused the violation. You can just look at that and go from
there.

Balaji

On Mon, 14 Feb 2005 15:03:27 -0500, Brian Dennis
<bdennis@internetworkexpert.com> wrote:
> HSRP for one:
>
> R1:
> interface Ethernet0/0
> description - VLAN 19 to the PIX and IDS
> ip address 183.1.19.1 255.255.255.0
> half-duplex
> standby 1 ip 183.1.19.254
> end
>
> Rack1SW1#sho arp | in Vlan19
> Internet 183.1.19.254 2 0000.0c07.ac01 ARPA Vlan19
> Internet 183.1.19.7 - 000a.f4f3.e780 ARPA Vlan19
> Internet 183.1.19.1 0 00d0.586e.b720 ARPA Vlan19
> Rack1SW1#
> Rack1SW1#sho mac-a int fa0/1 <-- Port R1 is connected to
> Mac Address Table
> -------------------------------------------
>
> Vlan Mac Address Type Ports
> ---- ----------- -------- -----
> 19 0000.0c07.ac01 DYNAMIC Fa0/1
> 19 00d0.586e.b720 DYNAMIC Fa0/1
> Total Mac Addresses for this criterion: 2
> Rack1SW1#
>
> Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
>
> bdennis@internetworkexpert.com
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987
> Direct: 775-745-6404 (Outside the US and Canada)
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> gladston@br.ibm.com
> Sent: Monday, February 14, 2005 11:17 AM
> To: ccielab@groupstudy.com
> Subject: Port-Secure
>
> Have you ever had a problem with port-secure blocking a port where just
> one router was connected?
>
> I had this problem last year, but I am trying to reproduce it without
> success.
> The configuration was:
>
> Rx---cat
>
> on cat:
> int fast 0/3
> switchport mode access
> switchport access vlan 12
> switchport port-security
> switchport port-security mac-address 0001.42bb.9512
>
> I am wondering what protocol could be sourcing frames with a different
> MAC on vlan 12 that would cause CAT to block the port.
>
> Any feedback appreciated.
>
>
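
Added example, not part of the original thread: a small Python audit that parses the `show mac-address-table interface` output quoted above and reports which learned addresses fall outside a port's secure MAC list, labelling first-hop redundancy virtual MACs such as the HSRP address seen on Fa0/1. The function names are hypothetical, and the default limit of one secure address per port is an assumption of the sketch.

```python
import re

# Constructed sample: the MAC table rows quoted in the thread for Fa0/1.
SAMPLE = """\
Vlan Mac Address Type Ports
---- ----------- -------- -----
19 0000.0c07.ac01 DYNAMIC Fa0/1
19 00d0.586e.b720 DYNAMIC Fa0/1
Total Mac Addresses for this criterion: 2
"""

ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$", re.I)
# Well-known virtual MAC prefixes; the last octet is the group number.
VIRTUAL = {"00000c07ac": "HSRP", "00005e0001": "VRRP"}

def norm(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-f]", "", mac.lower())
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def classify(mac):
    """Name the redundancy protocol and group if the MAC is a virtual one."""
    m = norm(mac)
    proto = VIRTUAL.get(m[:10])
    return f"{proto} group {int(m[10:], 16)}" if proto else "burned-in/other"

def audit(show_output, secure_macs, maximum=1):
    """Per port: learned count, whether it exceeds the limit, unexpected MACs."""
    allowed = {norm(m) for m in secure_macs}
    seen = {}
    for line in show_output.splitlines():
        m = ROW.match(line)
        if m:  # header, separator and total lines do not match
            seen.setdefault(m.group(4), []).append(m.group(2).lower())
    report = {}
    for port, macs in seen.items():
        report[port] = {
            "learned": len(macs),
            "over_maximum": len({norm(x) for x in macs}) > maximum,
            "unexpected": [(x, classify(x)) for x in macs if norm(x) not in allowed],
        }
    return report

if __name__ == "__main__":
    # Only the router's burned-in address is configured as secure.
    print(audit(SAMPLE, ["00d0.586e.b720"]))
```

Run against the table from the thread with only R1's burned-in address allowed, it flags `0000.0c07.ac01` as HSRP group 1, the second source MAC that pushes the port past a one-address limit.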


