Re: IEWB Lab 17 task 1.9 port security violation modec

From: Bajo (bajoalex@gmail.com)
Date: Tue May 09 2006 - 17:40:10 ART

• Next message: Tony Paterra: "IExperts Core Lab 7, 4.13 loop prevention"
• Previous message: Tony Paterra: "IE Experts Core Lab 7 4.11 mutual redist..."
• Maybe in reply to: Wang, Ting \(Taylor\): "IEWB Lab 17 task 1.9 port security violation modec"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

The difference b/n "protect" and "restrict" is: syslog, SNMP trap and,
violation counter.

The difference b/n "restrict" and "shutdown" is, guess what, only shutdown.

Check out this link, there is a summary table for all the tree types.
http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225see/scg/swtraf
c.htm#wp1038501

On 5/9/06, Wang, Ting (Taylor) <wangting@avaya.com> wrote:
>
> Hi Kemal,
> As I understand, there should be other difference for the two options
> besides the logging.
> Taylor
>
> -----Original Message-----
> From: Kemal YILDIRIM [mailto:kemalhy@gmail.com]
> Sent: Tuesday, May 09, 2006 7:43 PM
> To: Wang, Ting (Taylor); ccielab@groupstudy.com
> Subject: RE: IEWB Lab 17 task 1.9 port security violation modec
>
> Hi Taylor,
> Download the latest LAB solution guide.
> VolI.LAB17-Task1.6
> Solution guide is not like you wrote.
> Actually for this task, protect or restrict options can be use.
> Because there is no logging requirement.
>
> Restrict must be use for logging case.
>
> Regards,
> Kemal
>
> Objects are what is unalterable and subsistent; their configuration is
> what is changing and unstable.
> So, you need PRACTICE, PRACTICE, AND MORE PRACTICE...
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Wang, Ting (Taylor)
> Sent: Tuesday, May 09, 2006 2:09 PM
> To: ccielab@groupstudy.com
> Subject: IEWB Lab 17 task 1.9 port security violation modec
>
> Hi Group,
> The task 1.9 requires the max. number of 5 host can be connect to the
> port at the same time. Traffic from excess hosts should be dropped. The
> solution use restrict, but I think "protect" should be used. Any one
> can explan it?
>
> interface FastEthernet0/22
> switchport mode access
> switchport port-security
> switchport port-security maximum 5
> t-security aging time 5
> switchport port-security violation restrict
>
> Below is the different for the two options:
> - Protect: Set the security violation protect mode. When the number of
> secure MAC addresses reach the maximum limit allowed on the port,
> packets with unknown source addresses are dropped until you remove a
> sufficient number of secure MAC addresses to drop below the maximum
> value.
>
> - Restrict: Set the security violation restrict mode. In this mode, a
> port security violation restricts data and causes the SecurityViolation
> counter to increment.
>
> Thanks,
> Taylor
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>

--
Kind Regards,
Bajo

• Next message: Tony Paterra: "IExperts Core Lab 7, 4.13 loop prevention"
• Previous message: Tony Paterra: "IE Experts Core Lab 7 4.11 mutual redist..."
• Maybe in reply to: Wang, Ting \(Taylor\): "IEWB Lab 17 task 1.9 port security violation modec"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 01 2006 - 06:33:21 ART