Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 449
  • Last Modified:

Cisco IOS

Hello,

We have Cisco 3750 switches on our network.  I am planning to configure port security
using the "Stickey" codes.  The IOS is 122.

My question is, if a switch port violation occurs, is the violation removed when the switch
is restarted.  In other words, could this be a way to overide this method of port security?

Thanks in advance!

rayneedssomehelp
0
Rayneedssomehelp
Asked:
Rayneedssomehelp
1 Solution
 
rauenpcCommented:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/port_sec.pdf#page2

Once a Mac registers on a sticky port, the Mac goes to the running config. If you then save the running config, the Mac essentially becomes a static port security entry. This means a reload is not always a way around the security feature.
0
 
AkinsdNetwork AdministratorCommented:
Yes, rebooting the switch will reset the log.

I will be a lot concerned if your switches are accessible for anyone to just walk to and reboot though - Talking about physical security.

There are many other features with port security, eg, forcing error disabled state and even configuring recovery alternatives.

The goal for port security is to prevent access. You can even configure the switch to log its violations on a computer.

Rebooting the switch resets it but violations will be triggered again if the condition still exists when the switch loads back up

Hope this helps

All the best
0
 
Rakesh Madupu JNCIE-SP #02079 CCIE-SP#47613Commented:
Yes ,

In normal case lines , you need to shut and unshut the port to release the port,  which is the same thing when a switch reloads

I would say have the switch log its activities to a simple syslog server as Kiwi or something in this way you wont miss what happend

Regards
Game
0
 
RayneedssomehelpAuthor Commented:
Greeetings,

So rauenpc, saving the configs is the same as statically assigning MACs?

Akinsd says the violation will occur again after the switch is reloaded.  I would think
after an unsaved config reload, the switch will have no mac entries  and will flood out
all ports to find MACs.  That would in effect overide any previous port violations.

Saving the run to start would seem to be the way to go.

rayneedssomehelp
0
 
AkinsdNetwork AdministratorCommented:
Yes
saving the config is the way to go.

You can use the sticky command to learn all currently connected devices, then save your config.
0

Featured Post

Identify and Prevent Potential Cyber-threats

Become the white hat who helps safeguard our interconnected world. Transform your career future by earning your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now