From: De Witt, Duane (duane.dewitt@siemens.com)
Date: Fri Oct 21 2005 - 10:13:12 GMT-3
Yeah, agreed. Invariably CDP/STP/SNMP/WLSE traffic would cause the AP to
be the first MAC learned by the switch, so a static sticky or maximum 2
addresses would be the best answer?
Would the guys from IE care to comment?
-----Original Message-----
From: kgannon@gmail.com [mailto:kgannon@gmail.com] On Behalf Of kevin
gannon
Sent: 21 October 2005 12:58 PM
To: De Witt, Duane
Cc: Bola Adegbonmire; Cisco certification
Subject: Re: IEWB Lab 18
Don't have an AP to test but I would bet this is caused by
CDP/STP traffic. Two would be a better option and hardcode
a sticky for the AP.
Regards
Kevin
On 10/21/05, De Witt, Duane <duane.dewitt@siemens.com> wrote:
> Hi Bola
>
>
>
> Thanks for the response. Take a look below, I happen to have a client
> network that I can take info from:
>
>
>
> This is the show arp on the AP, it shows the MAC of the AP:
>
> Internet 172.16.254.131 - 000f.903e.3ae7 ARPA BVI1
>
>
>
> This is the show mac-address-table of the switch that the AP connects
> to:
>
> RCI-GND-SW-2#show mac-address-table interface fastEthernet 0/47
>           Mac Address Table
> -------------------------------------------
>
> Vlan    Mac Address       Type        Ports
> ----    -----------       --------    -----
>    1    000f.903e.3ae7    DYNAMIC     Fa0/47
> Total Mac Addresses for this criterion: 1
>
>
>
> So, it shows that the MAC of the AP is learned by the switch and would
> count as a secure address. Not sure if this proves anything though.
>
>
>
> ________________________________
>
> From: Bola Adegbonmire [mailto:bolaccie@yahoo.com]
> Sent: 21 October 2005 11:42 AM
> To: De Witt, Duane; Cisco certification
> Subject: Re: IEWB Lab 18
>
>
>
> Hi Duane,
>
>
>
> I believe the solution is right based on the following. The AP is a
> switch, except that it is a wireless switch (in quote). As a result it
> does not forward its own mac-address when forwarding datagrams through
> it to the network. Only a router replaces the originating mac-address
> with its own when forwarding packets received on one interface out
> another to the network.
>
>
>
> So IEWB solution is right.
>
>
>
> Or am I missing something group?
>
>
>
> Bola
>
> "De Witt, Duane" <duane.dewitt@siemens.com> wrote:
>
> Hi Group
>
>
>
> Lab 18 requires only one person to be able to use an AP by using
> port-security. The recommended solution is 'violation protect' and
> 'mac-address sticky'.
>
>
>
> If the default maximum mac-addresses is 1 then the only mac-address that
> will be allowed is the mac of the AP itself. Shouldn't the maximum be
> changed to 2 to allow the mac of the AP as well as the mac of the one
> person?
>
>
>
> Regards
>
> Duane
>
>
>
> ____________________________________________
> SIEMENS Siemens Business Services
> Siemens Service Center
>
> 126 14th Road
>
> Erand Gardens
>
> Midrand
>
> South Africa
>
>
>
> * +27 11 5452555
> * +27 83 4452768
> * +27 11 5415219
> * duane.dewitt@siemens.com
>
>
>
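The question in this thread turns on which source MACs the switch port sees and in what order. The Python model below is an added example, not part of any message in the thread: it simplifies port-security with sticky learning in protect mode, reuses the AP MAC from the show output above, and assumes constructed client MACs and a constructed arrival order in which the AP's own CDP/STP frames reach the switch first.

```python
# Simplified model of switch port-security ("mac-address sticky" + "violation protect").
# Added illustration only; it is not IOS code and ignores aging, VLANs and reloads.

class SecurePort:
    def __init__(self, maximum=1, static=()):
        self.maximum = maximum       # switchport port-security maximum <n>
        self.static = set(static)    # switchport port-security mac-address <mac>
        self.sticky = []             # addresses learned and pinned by "sticky"
        self.dropped = []            # source MACs silently discarded by "protect"

    def secure_addresses(self):
        return self.static | set(self.sticky)

    def receive(self, src_mac):
        """Return True if a frame with this source MAC is forwarded."""
        if src_mac in self.secure_addresses():
            return True
        if len(self.secure_addresses()) < self.maximum:
            self.sticky.append(src_mac)   # free slot: learn the address
            return True
        self.dropped.append(src_mac)      # protect: drop, port stays up, no log
        return False

AP = "000f.903e.3ae7"          # AP MAC taken from the show output in the thread
CLIENT_1 = "0011.2233.4455"    # constructed wireless client MAC
CLIENT_2 = "0066.7788.99aa"    # constructed second client MAC
# Constructed arrival order: the AP's own frames (CDP/STP) arrive first (assumption).
FRAMES = [AP, CLIENT_1, AP, CLIENT_2, CLIENT_1]

def run(port):
    return [(mac, port.receive(mac)) for mac in FRAMES]

def lab_default():
    # sticky + protect with the default maximum of 1
    port = SecurePort(maximum=1)
    return run(port), port

def two_addresses():
    # maximum 2 with the AP hardcoded, leaving one slot for the single user
    port = SecurePort(maximum=2, static=[AP])
    return run(port), port

if __name__ == "__main__":
    for name, fn in (("maximum 1", lab_default), ("maximum 2 + static AP", two_addresses)):
        results, port = fn()
        print(name, results, "sticky:", port.sticky, "dropped:", port.dropped)
```

With maximum 1 the AP's MAC takes the only slot and every client frame is dropped; with maximum 2 and the AP entered statically, the first client is learned as the sticky address and the second client is dropped.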
This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:52 GMT-3