Yep, I've used it.  There is considerable flexibility in setup.  Some
switches take up to several hundred MAC entries, learned or statically
assigned.  You can also set the thing up to simply alert through SNMP traps,
and/or administratively shut down that port until you do a 'no shut', or
otherwise enable the port.

Typically, it's one MAC address per port for setup, but, sometimes, the
ability to add one or more allowed addresses can be useful.  Those pesky
additional hubs out there can be secured by simply adding whatever 'allowed'
addresses to the list on the port serving the hub/downstream switch.  Syntax
can be funny, and is in a couple of spots.  GUI is quite intuitive, and
dynamically acquires the MAC address(es).

port security max-mac-count x ;x=number of macs
port security action shutdown | trap ; traps, of course, must be set up

; meanwhile, elsewhere

mac-address-table secure hhhh.hhhh.hhhh FastEthernet x/y vlan z

Document this!  Port security can be tough on workers in the field without
switch knowledge and/or access.

Best, G.
VP OGC

Chaos reigns within.
    Reflect, repent and reboot.
    Order shall return.
                --Haiku wisdom


> 
> So you have to be sure you're not causing a support nightmare 
> for yourself
> when you use this.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39703&t=39457
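
Added example, not part of the original post: a Python script that reads a config written in the command forms quoted above and builds a per-port record (limit, action, allowed MACs), flagging ports with no limit or with more listed MACs than the limit. The sample config, the placement of the port security lines under interface stanzas, and the function names are assumptions.

```python
import re

# Constructed sample config (not from a real switch), in the command forms quoted above.
# Assumption: "port security" lines sit under an interface stanza; secure MACs are global.
SAMPLE = """\
interface FastEthernet0/1
 port security max-mac-count 1
 port security action shutdown
interface FastEthernet0/2
 port security max-mac-count 2
 port security action trap
interface FastEthernet0/3
mac-address-table secure 0000.0c11.1111 FastEthernet0/1 vlan 1
mac-address-table secure 0000.0c22.2222 FastEthernet0/2 vlan 1
mac-address-table secure 0000.0c22.3333 FastEthernet 0/2 vlan 1
mac-address-table secure 0000.0c22.4444 FastEthernet0/2 vlan 1
"""

PORT = r"([A-Za-z]+)\s*(\d+/\d+)"   # accepts "FastEthernet0/1" and "FastEthernet 0/1"
IFACE = re.compile(r"interface\s+" + PORT + r"\s*$")
SETTING = re.compile(r"\s+port security (max-mac-count|action)\s+(\S+)")
SECURE = re.compile(r"mac-address-table secure\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+"
                    + PORT + r"\s+vlan\s+(\d+)", re.I)

def parse(config):
    """Return {port: {"max": int|None, "action": str|None, "macs": [(mac, vlan)]}}."""
    ports, current = {}, None
    new = lambda: {"max": None, "action": None, "macs": []}
    for line in config.splitlines():
        if m := IFACE.match(line):
            current = ports.setdefault(m[1] + m[2], new())
        elif m := SECURE.match(line):
            current = None
            ports.setdefault(m[2] + m[3], new())["macs"].append((m[1].lower(), int(m[4])))
        elif not line[:1].isspace():
            current = None                      # any other top-level line ends the stanza
        elif current is not None and (m := SETTING.match(line)):
            if m[1] == "action":
                current["action"] = m[2]
            elif m[2].isdigit():
                current["max"] = int(m[2])
    return ports

def findings(ports):
    """List ports with no limit set, or with more secure MACs listed than the limit."""
    out = []
    for name in sorted(ports):
        p = ports[name]
        if p["max"] is None:
            out.append(f"{name}: no max-mac-count configured")
        elif len(p["macs"]) > p["max"]:
            out.append(f"{name}: {len(p['macs'])} secure MACs listed, limit is {p['max']}")
    return out
```

The dictionary returned by parse() can be written out as the port-by-port sheet handed to field staff.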