Here is how you get full marks in a "typical" port security sticky task:
Sw mode acc Sw acc vlan 4 Switch port-sec Switch port-sec mac max 2 Switch port-sec mac sticky No shut Wr Forgive me if there are syntax mistakes - just fired this off from the top of my head. On 10/28/12 9:16 PM, "Matt Hill" <[email protected]> wrote: >I honestly dont know. I have never sat a Security v3 Lab. R&S v3 on >the other hand :) > >Seriously though, if the task says, "must survive reboot" then what >other option is there? If it does not say "must survive reboot" then >I'll just leave it as is. > >Or am I completely missing the point here? > >Cheers, >Matt > >CCIE #22386 >CCSI #31207 > >On 28 October 2012 18:09, Anthony Sequeira ><[email protected]> wrote: >> Wait a minute - you think that on the CCIE Security lab exam, if you >>get a >> port security task that involves sticky learning, you need to configure >>a >> Kron job to receive full marks? >> >> No - I cannot see that being a required lab exam scenario. >> >> On 10/28/12 5:49 PM, "Matt Hill" <[email protected]> wrote: >> >>>"Typically"? :) >>> >>>Hmm.... >>> >>>If the question asks me "learn MAC address then save in running >>>config" I will leave it as sticky. If it asks "make sure the learned >>>MAC survives a reboot" or similar then I am following Marta's tip! >>> >>>Cheers, >>>Matt >>> >>>CCIE #22386 >>>CCSI #31207 >>> >>>On 28 October 2012 14:39, Anthony Sequeira >>><[email protected]> wrote: >>>> Yes - and from a lab exam perspective - it is just a matter of having >>>>the >>>> sticky command in there typically in order to receive full marks. >>>> >>>> From: Marta Sokolowska <[email protected]> >>>> Date: Sunday, October 28, 2012 5:24 PM >>>> To: Matt Hill <[email protected]> >>>> Cc: CCIE Security <[email protected]> >>>> Subject: Re: [OSL | CCIE_Security] Port-Security - Sticky >>>> >>>> >>>> 2012/10/28 Matt Hill <[email protected]> >>>> >>>>> Hello, >>>>> >>>>> I am playing with port-security right now. >>>>> >>>>> Now, is there a way for a MAC learned via sticky to "survive" reboot >>>>> and remain in the config? I know that once it is learned , one may >>>>>do >>>>> a write mem and that will save it, however is there a way that it can >>>>> be saved without intervention? >>>> >>>> >>>> [...] >>>> >>>> There's a solution, but it is still based on "write memory", so I >>>>would >>>>call >>>> it rather a workaround. It uses "kron" command to do "write memory" >>>>every 10 >>>> minutes: >>>> >>>> kron occurrence WRITE-MEM in 10 recurring >>>> policy-list WRITE-MEM >>>> ! >>>> kron policy-list WRITE-MEM >>>> cli "write memory" >>>> >>>> So in this case, if the switch learns MAC address via "sticky" in >>>> port-security, the address will be saved in running-config immediately >>>>and >>>> in startup-config after 10 minutes. >>>> >>>> -- >>>> >>>> Marta SokoĊowska. >>>> >> _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
