I would do and confirm what Anthony is saying. Kron would be too much for the exam purposes specially if the task is worth 3 points.
On Sunday, October 28, 2012, Anthony Sequeira wrote: > Here is how you get full marks in a "typical" port security sticky task: > > Sw mode acc > Sw acc vlan 4 > Switch port-sec > Switch port-sec mac max 2 > Switch port-sec mac sticky > No shut > Wr > > Forgive me if there are syntax mistakes - just fired this off from the top > of my head. > > On 10/28/12 9:16 PM, "Matt Hill" <[email protected]> wrote: > > >I honestly dont know. I have never sat a Security v3 Lab. R&S v3 on > >the other hand :) > > > >Seriously though, if the task says, "must survive reboot" then what > >other option is there? If it does not say "must survive reboot" then > >I'll just leave it as is. > > > >Or am I completely missing the point here? > > > >Cheers, > >Matt > > > >CCIE #22386 > >CCSI #31207 > > > >On 28 October 2012 18:09, Anthony Sequeira > ><[email protected]> wrote: > >> Wait a minute - you think that on the CCIE Security lab exam, if you > >>get a > >> port security task that involves sticky learning, you need to configure > >>a > >> Kron job to receive full marks? > >> > >> No - I cannot see that being a required lab exam scenario. > >> > >> On 10/28/12 5:49 PM, "Matt Hill" <[email protected]> wrote: > >> > >>>"Typically"? :) > >>> > >>>Hmm.... > >>> > >>>If the question asks me "learn MAC address then save in running > >>>config" I will leave it as sticky. If it asks "make sure the learned > >>>MAC survives a reboot" or similar then I am following Marta's tip! > >>> > >>>Cheers, > >>>Matt > >>> > >>>CCIE #22386 > >>>CCSI #31207 > >>> > >>>On 28 October 2012 14:39, Anthony Sequeira > >>><[email protected]> wrote: > >>>> Yes - and from a lab exam perspective - it is just a matter of having > >>>>the > >>>> sticky command in there typically in order to receive full marks. > >>>> > >>>> From: Marta Sokolowska <[email protected]> > >>>> Date: Sunday, October 28, 2012 5:24 PM > >>>> To: Matt Hill <[email protected]> > >>>> Cc: CCIE Security <[email protected]> > >>>> Subject: Re: [OSL | CCIE_Security] Port-Security - Sticky > >>>> > >>>> > >>>> 2012/10/28 Matt Hill <[email protected]> > >>>> > >>>>> Hello, > >>>>> > >>>>> I am playing with port-security right now. > >>>>> > >>>>> Now, is there a way for a MAC learned via sticky to "survive" reboot > >>>>> and remain in the config? I know that once it is learned , one may > >>>>>do > >>>>> a write mem and that will save it, however is there a way that it can > >>>>> be saved without intervention? > >>>> > >>>> > >>>> [...] > >>>> > >>>> There's a solution, but it is still based on "write memory", so I > >>>>would > >>>>call > >>>> it rather a workaround. It uses "kron" command to do "write memory" > >>>>every 10 > >>>> minutes: > >>>> > >>>> kron occurrence WRITE-MEM in 10 recurring > >>>> policy-list WRITE-MEM > >>>> ! > >>>> kron policy-list WRITE-MEM > >>>> cli "write memory" > >>>> > >>>> So in this case, if the switch learns MAC address via "sticky" in > >>>> port-security, the address will be saved in running-config immediately > >>>>and > >>>> in startup-config after 10 minutes. > >>>> > >>>> -- > >>>> > >>>> Marta SokoĊowska. > >>>> > >> > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit <http://www.ipexpert.com> -- FNK, CCIE Security#35578
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
