From: Victor Cappuccio (cvictor@protokolgroup.com)
Date: Mon Mar 13 2006 - 02:33:25 GMT-3
Hello list..
Please excuse me, but I have several doubts about port security that I want
to finally understand
Rack1Sw1#show mac-address-table interface fastEthernet 0/2
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   2    000e.8473.7280    DYNAMIC     Fa0/2
Learned dynamically, as far as the output can tell
Rack1Sw1# show mac-address-table aging-time
Vlan Aging Time
---- ----------
5 300
2 300
3 300
6 300
1 300
Now
Rack1Sw1#show port-security interface fastEthernet 0/2
Port Security : Disabled << -- ?
Port Status : Secure-down << -- is not the same information??
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 0
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : 0000.0000.0000:0
Security Violation Count : 0 <- OK LET'S ROCK!
Rack1Sw1#conf te
Enter configuration commands, one per line. End with CNTL/Z.
Rack1Sw1(config)#interface f0/2
Rack1Sw1(config-if)#switchport port-security
Rack1Sw1(config-if)#
Rack1Sw1(config-if)#do show port-security interface fastEthernet 0/2
Port Security : Enabled
Port Status : Secure-up <<-- The Security guy is at the door
Violation Mode : Shutdown <<-- Ok Everything is going to be
put in err-disable if I go above the MAX MAC ADD
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1 <-- Just One person in the PUB is allowed
Total MAC Addresses : 1 <-- I guess that this value could be just
to let you know that could be lowered or raised..
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : 000e.8473.7280:2 <<--- The MAC and the
learned is there any way to look at the Macs and Vlans learned I mean
the port-secure list??..
Security Violation Count : 0
Rack1Sw1(config-if)#switchport port-security mac-address sticky
Rack1Sw1(config-if)#do show port-security interface fastEthernet 0/2
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 1 <<-- and in the running must be the
configuration of the mac learned so the switch does not lose this
information..
Last Source Address:Vlan : 000e.8473.7280:2
Security Violation Count : 0
<< -- YEP look here
interface FastEthernet0/2
switchport access vlan 2
switchport mode access
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address sticky 000e.8473.7280
spanning-tree portfast
But why this?
Rack1Sw1(config)#$tic 3333.3333.3333 vlan 2 interface fastEthernet 0/2
Cannot add static address on Fa0/2 because port security is enabled
I thought that it was because of the maximum number of MACs configured, but I
think that this is not true. Why can I not simulate another device on the port??
Rack1Sw1(config-if)#switchport port-security maximum 2
Rack1Sw1(config-if)#$tic 3333.3333.3333 vlan 2 interface fastEthernet 0/2
Cannot add static address on Fa0/2 because port security is enabled
Now, what about the aging? If I cannot have a static MAC on the port
and the CAM will then erase the MAC every X seconds, then why would I want to
erase the MAC from the list of protected MAC addresses in the port-secure
list??
I cannot see a useful idea for these 2 parameters. Any thoughts?
Thanks
Victor.
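
Added example, not part of Victor's post: a small Python parser for the "show port-security interface" output pasted above, which strips the inline "<--" annotations and reports the port's state from the counters. The function names and the checks are hypothetical, and the relation between the Total, Configured and Sticky counters is an assumption.

```python
import re

# Lines taken from the post's second capture, inline "<--" annotations left in.
SAMPLE = """\
Port Security : Enabled
Port Status : Secure-up <<-- The Security guy is at the door
Violation Mode : Shutdown
Aging Time : 0 mins
Maximum MAC Addresses : 1 <-- Just One person in the PUB is allowed
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : 000e.8473.7280:2 <<--- The MAC and the
Security Violation Count : 0
"""

ANNOTATION = re.compile(r"\s*<+\s*-+.*$")  # "<<-- note", "<- note", "<< -- ?"

def parse_port_security(text):
    """Return {field: value} from 'show port-security interface' output."""
    fields = {}
    for line in text.splitlines():
        line = ANNOTATION.sub("", line).strip()
        key, sep, value = line.partition(" : ")  # keys may contain ':' themselves
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def audit(fields):
    """Hypothetical checks chosen for this example, not Cisco guidance."""
    if fields.get("Port Security") != "Enabled":
        return ["port security is disabled"]
    num = lambda key: int(fields.get(key, "0").split()[0])
    total, maximum = num("Total MAC Addresses"), num("Maximum MAC Addresses")
    # Assumption: Total = configured + sticky + dynamically learned addresses.
    dynamic = total - num("Configured MAC Addresses") - num("Sticky MAC Addresses")
    findings = []
    if dynamic > 0:
        findings.append(f"{dynamic} secure MAC(s) learned dynamically, not sticky")
    if total >= maximum:
        mode = fields.get("Violation Mode", "unknown")
        findings.append(f"at limit {total}/{maximum}: next new MAC hits mode {mode}")
    if num("Security Violation Count") > 0:
        findings.append("violations recorded on this port")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_port_security(SAMPLE)):
        print(finding)
```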