?
Solved

Cisco IOS

Posted on 2013-01-10
5
Medium Priority
?
427 Views
Last Modified: 2013-01-13
Hello,

We have Cisco 3750 switches on our network.  I am planning to configure port security
using the "Stickey" codes.  The IOS is 122.

My question is, if a switch port violation occurs, is the violation removed when the switch
is restarted.  In other words, could this be a way to overide this method of port security?

Thanks in advance!

rayneedssomehelp
0
Comment
Question by:Rayneedssomehelp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 20

Expert Comment

by:rauenpc
ID: 38765856
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/port_sec.pdf#page2

Once a Mac registers on a sticky port, the Mac goes to the running config. If you then save the running config, the Mac essentially becomes a static port security entry. This means a reload is not always a way around the security feature.
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 38766066
Yes, rebooting the switch will reset the log.

I will be a lot concerned if your switches are accessible for anyone to just walk to and reboot though - Talking about physical security.

There are many other features with port security, eg, forcing error disabled state and even configuring recovery alternatives.

The goal for port security is to prevent access. You can even configure the switch to log its violations on a computer.

Rebooting the switch resets it but violations will be triggered again if the condition still exists when the switch loads back up

Hope this helps

All the best
0
 
LVL 5
ID: 38766364
Yes ,

In normal case lines , you need to shut and unshut the port to release the port,  which is the same thing when a switch reloads

I would say have the switch log its activities to a simple syslog server as Kiwi or something in this way you wont miss what happend

Regards
Game
0
 

Author Comment

by:Rayneedssomehelp
ID: 38766804
Greeetings,

So rauenpc, saving the configs is the same as statically assigning MACs?

Akinsd says the violation will occur again after the switch is reloaded.  I would think
after an unsaved config reload, the switch will have no mac entries  and will flood out
all ports to find MACs.  That would in effect overide any previous port violations.

Saving the run to start would seem to be the way to go.

rayneedssomehelp
0
 
LVL 18

Accepted Solution

by:
Akinsd earned 2000 total points
ID: 38768876
Yes
saving the config is the way to go.

You can use the sticky command to learn all currently connected devices, then save your config.
0

Featured Post

Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are thinking of adopting cloud services, or just curious as to what ‘the cloud’ can offer then the leader according to Gartner for Infrastructure as a Service (IaaS) is Amazon Web Services (AWS).  When I started using AWS I was completely new…
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question