Re: 3550 port security , need some clarification please

From: sabrina pittarel (sabri_esame@yahoo.com)
Date: Sun Sep 17 2006 - 15:03:55 ART

• Next message: 2nd CCIE: "RE: 3550 ACL's .."
• Previous message: Skinner, Stephen: "RE: 3550 port security , need some clarification please"
• Maybe in reply to: Skinner, Stephen: "3550 port security , need some clarification please"
• Next in thread: Skinner, Stephen: "RE: 3550 port security , need some clarification please"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

That's a very good question. What I can tell you for sure is the following:
 If the other PCs are not connected to that port you should not worry about them.
 
 Now if you were using "voice vlan X" for example the answer would have been:
 
 Switchport access vlan 3
 Switchport voice vlan 5
Switchport port-security maximum 3
 Switchport port-security mac-address 0000.0000.0000.0001
 Switchport port-security mac-address 0000.0000.0000.0002
 
 You need 3 for the following reason:
 
 1 phone mac on the voice vlan
 1 phone mac on the data vlan
 1 PC mac in the data vlan
 
 The port security static mac entries are both created on the data vlan:
 
 SW1#sh mac address-table vlan 3 | i 000a.
    3 000a.000b.000c DYNAMIC Fa0/32
    3 000a.000b.000d DYNAMIC Fa0/32
 SW1#sh mac address-table vlan 5 | i 000a.
 
 if you were using "voice vlan untagged" for example the answer would have been, I believe:
  
  Switchport access vlan 3
  Switchport voice untagged
 Switchport port-security maximum 2
  Switchport port-security mac-address 0000.0000.0000.0001
  Switchport port-security mac-address 0000.0000.0000.0002
  
  You need 2 for the following reason:
  
  1 phone mac on the voice vlan = data vlan (untagged)
  1 PC mac in the data vlan (untagged)
  
 Now if you are using "voice vlan dot1p" I don't know...since voice traffic uses VLAN0 and I'm not sure how the system behaves in respect on that.
 
 I don't have a way to try it out either unfortunately.
 
 Sabrina
 
 ----- Original Message ----
From: "Skinner, Stephen" <Stephen.Skinner@rbs.co.uk>
To: sabrina pittarel <sabri_esame@yahoo.com>; Cisco certification <ccielab@groupstudy.com>
Sent: Sunday, September 17, 2006 10:37:01 AM
Subject: RE: 3550 port security , need some clarification please

      DIV { MARGIN:0px;} hello ,
  
 they are the Mac address's of my phone 0001 and pc connected to the phone 00002
  
 cheers
  
 Stephen Skinner

   From: sabrina pittarel [mailto:sabri_esame@yahoo.com]
Sent: 17 September 2006 18:15
To: Skinner, Stephen; Cisco certification
Subject: Re: 3550 port security , need some clarification please

 
*** WARNING : This message originates from the Internet ***

  What are :
Switchport port-security mac-address 0000.0000.0000.0001
Switchport port-security mac-address 0000.0000.0000.0002
?

Sabrina

 ----- Original Message ----
From: "Skinner, Stephen" <Stephen.Skinner@rbs.co.uk>
To: Cisco certification <ccielab@groupstudy.com>
Sent: Sunday, September 17, 2006 9:37:40 AM
Subject: 3550 port security , need some clarification please

 Gents ,

I am looking for some clarification please .
The doc CD says the following in reference to static Mac address's in voice
vlans .

When you enable port security on an interface that is also configured with a
voice VLAN, you must set the maximum allowed secure addresses on the port to
at least two plus the maximum number of secure addresses allowed on the
access VLAN. When the port is connected to a Cisco IP phone, the IP phone
requires up to two MAC addresses. The address of the IP phone is learned on
the voice VLAN, and it might or might not be learned on the access VLAN.
Connecting a PC to the IP phone requires additional MAC addresses

So lets say I am using DOT1Q Tagged frames and not DOT1P priority tagged
frames

I have got 6 machines on this VLAN , (NO other phones. just PC's)
And there are two devices (phone and PC) on this port fa0/14

I would config as per , YES ?

Int fa0/14
Switchport port-security maximum 8
Switchport port-security mac-address 0000.0000.0000.0001
Switchport port-security mac-address 0000.0000.0000.0002

Many thanks

Stephen Skinner

The Royal Bank of Scotland plc, Registered in Scotland No. 90312. Registered Office: 36 St Andrew Square, Edinburgh EH2 2YB

Authorised and regulated by the Financial Services Authority.

This e-mail message is confidential and for use by the addressee only. If the message is received by anyone other than the addressee, please return the message to the sender by replying to it and then delete the message from your computer. Internet e-mails are not necessarily secure. The Royal Bank of Scotland plc does not accept responsibility for changes made to this message after it was sent.

Whilst all reasonable care has been taken to avoid the transmission of viruses, it is the responsibility of the recipient to ensure that the onward transmission, opening or use of this message and any attachments will not adversely affect its systems or data. No responsibility is accepted by The Royal Bank of Scotland plc in this regard and the recipient should carry out such virus and other checks as it considers appropriate.

• Next message: 2nd CCIE: "RE: 3550 ACL's .."
• Previous message: Skinner, Stephen: "RE: 3550 port security , need some clarification please"
• Maybe in reply to: Skinner, Stephen: "3550 port security , need some clarification please"
• Next in thread: Skinner, Stephen: "RE: 3550 port security , need some clarification please"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Oct 01 2006 - 16:55:40 ART