Solved

Cisco IOS

Posted on 2013-01-10
325 Views
Last Modified: 2013-01-13
Hello,

We have Cisco 3750 switches on our network.  I am planning to configure port security
using the "Sticky" codes.  The IOS is 122.

My question is, if a switch port violation occurs, is the violation removed when the switch
is restarted?  In other words, could this be a way to override this method of port security?

Thanks in advance!

rayneedssomehelp
Question by:Rayneedssomehelp
5 Comments
 
LVL 20

Expert Comment

by:rauenpc
ID: 38765856
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/port_sec.pdf#page2

Once a MAC registers on a sticky port, the MAC goes to the running config. If you then save the running config, the MAC essentially becomes a static port security entry. This means a reload is not always a way around the security feature.
 
LVL 18

Expert Comment

by:Akinsd
ID: 38766066
Yes, rebooting the switch will reset the log.

I would be a lot more concerned if your switches are accessible for anyone to just walk up to and reboot, though. Talking about physical security.

There are many other features with port security, e.g., forcing an error-disabled state and even configuring recovery alternatives.

The goal for port security is to prevent access. You can even configure the switch to log its violations on a computer.

Rebooting the switch resets it, but violations will be triggered again if the condition still exists when the switch loads back up.

Hope this helps

All the best
 
LVL 5
ID: 38766364
Yes,

In normal cases, you need to shut and unshut the port to release it, which is the same thing that happens when a switch reloads.

I would say have the switch log its activities to a simple syslog server such as Kiwi or something; this way you won't miss what happened.

Regards
Game
 

Author Comment

by:Rayneedssomehelp
ID: 38766804
Greetings,

So rauenpc, saving the configs is the same as statically assigning MACs?

Akinsd says the violation will occur again after the switch is reloaded.  I would think that
after an unsaved-config reload, the switch will have no MAC entries and will flood out
all ports to find MACs.  That would in effect override any previous port violations.

Saving the run to start would seem to be the way to go.

rayneedssomehelp
 
LVL 18

Accepted Solution

by: Akinsd (earned 500 total points)
ID: 38768876
Yes
saving the config is the way to go.

You can use the sticky command to learn all currently connected devices, then save your config.
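To tie the thread together, here is an added Cisco IOS configuration example (not posted by anyone in the thread) that puts rauenpc's point and the accepted answer into practice: sticky learning, a shutdown violation action, the errdisable recovery and off-box logging Akinsd mentions, and the save step that turns learned sticky addresses into static entries that survive a reload. The interface range, VLAN, syslog host and the sample MAC address shown in the comments are assumed values for illustration. The caveat the question is really about: a port that was err-disabled by a violation does not stay err-disabled across a reload, so the port comes back up; if the running config was never saved, the switch also boots with no sticky addresses and simply learns whatever is plugged in. If the config was saved, the saved address is enforced again and an offending device re-triggers the violation, which is what Akinsd describes.

```cisco
! Added example, not from the thread. Interface names, VLAN, MAC and
! syslog host are assumed values.
!
! 1. Lock each access port to the first MAC address it learns.
configure terminal
 interface range FastEthernet1/0/1 - 24
  switchport mode access
  switchport access vlan 10
  switchport port-security
  switchport port-security maximum 1
  switchport port-security violation shutdown
  switchport port-security mac-address sticky
 exit
!
! 2. Let err-disabled ports recover after 5 minutes instead of needing a
!    manual shut / no shut (the recovery alternative Akinsd refers to).
 errdisable recovery cause psecure-violation
 errdisable recovery interval 300
!
! 3. Send violation messages to a syslog server so the record outlives
!    a reboot of the switch.
 logging host 192.0.2.10
 logging trap informational
end
!
! 4. Verify what has been learned. Once a host is seen, the address appears
!    in the running config on the interface as a sticky line, for example:
!      switchport port-security mac-address sticky 0011.2233.4455
show port-security interface FastEthernet1/0/1
show port-security address
show running-config interface FastEthernet1/0/1
show errdisable recovery
!
! 5. Only after this does the learned address behave like a static entry.
!    Without it, a reload discards every sticky address and the ports
!    relearn from whatever is connected at boot.
copy running-config startup-config
```

Run step 4 again after the save and after a test reload: the sticky lines should still be present on the interface, and a device with a different MAC on that port should put it into err-disabled state rather than being learned.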
