Solved

Cisco IOS

Posted on 2013-01-10
Last Modified: 2013-01-13
Hello,

We have Cisco 3750 switches on our network.  I am planning to configure port security
using the "sticky" codes.  The IOS is 122.

My question is, if a switch port violation occurs, is the violation removed when the switch
is restarted?  In other words, could this be a way to override this method of port security?

Thanks in advance!

rayneedssomehelp
Question by:Rayneedssomehelp
5 Comments
 
LVL 20

Expert Comment

by:rauenpc
ID: 38765856
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/port_sec.pdf#page2

Once a MAC registers on a sticky port, the MAC goes to the running config. If you then save the running config, the MAC essentially becomes a static port security entry. This means a reload is not always a way around the security feature.
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 38766066
Yes, rebooting the switch will reset the log.

I would be a lot more concerned if your switches are accessible for anyone to just walk up to and reboot, though. Talking about physical security.

There are many other features with port security, e.g., forcing the error-disabled state and even configuring recovery alternatives.

The goal for port security is to prevent access. You can even configure the switch to log its violations on a computer.

Rebooting the switch resets it, but violations will be triggered again if the condition still exists when the switch loads back up.

Hope this helps

All the best
0
 
LVL 5
ID: 38766364
Yes,

In normal case lines, you need to shut and unshut the port to release the port, which is the same thing when a switch reloads.

I would say have the switch log its activities to a simple syslog server such as Kiwi or something; in this way you won't miss what happened.

Regards
Game
0
 

Author Comment

by:Rayneedssomehelp
ID: 38766804
Greetings,

So rauenpc, saving the configs is the same as statically assigning MACs?

Akinsd says the violation will occur again after the switch is reloaded.  I would think
after an unsaved config reload, the switch will have no MAC entries and will flood out
all ports to find MACs.  That would in effect override any previous port violations.

Saving the run to start would seem to be the way to go.

rayneedssomehelp
0
 
LVL 18

Accepted Solution

by:
Akinsd earned 500 total points
ID: 38768876
Yes, saving the config is the way to go.

You can use the sticky command to learn all currently connected devices, then save your config.
0
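
As an added example (not part of the thread and not Cisco tooling): a small Python check for the point made in the answers above, that sticky-learned MACs sit in the running config and only survive a reload once it is saved. It lists sticky MACs present in a running-config text but missing from the startup-config text; the function names and sample configs are constructed, and the `switchport port-security mac-address sticky <mac>` line format is assumed to match your IOS output.

```python
import re

IFACE = re.compile(r"^interface (\S+)")
STICKY = re.compile(
    r"^\s+switchport port-security mac-address sticky "
    r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})", re.I)

def sticky_macs(config_text):
    """Map interface name -> set of sticky-learned MACs recorded under it."""
    result, current = {}, None
    for line in config_text.splitlines():
        m = IFACE.match(line)
        if m:
            current = m.group(1)
        elif line and not line[0].isspace():
            current = None          # "!" or a global command ends the block
        elif current and (m := STICKY.match(line)):
            result.setdefault(current, set()).add(m.group(1).lower())
    return result

def unsaved_sticky(running, startup):
    """Sticky MACs in running-config that a reload would discard."""
    saved = sticky_macs(startup)
    lost = {}
    for iface, macs in sticky_macs(running).items():
        missing = macs - saved.get(iface, set())
        if missing:
            lost[iface] = sorted(missing)
    return lost

# Constructed sample configs (not from a real switch).
STARTUP = """\
interface GigabitEthernet1/0/1
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0011.2233.4455
!
interface GigabitEthernet1/0/2
 switchport port-security
 switchport port-security mac-address sticky
!
"""
# Same config, but Gi1/0/2 has learned a MAC since the last save.
RUNNING = STARTUP.replace(
    "sticky\n!\n", "sticky\n switchport port-security mac-address sticky 00AA.BBCC.DDEE\n!\n")

if __name__ == "__main__":
    for iface, macs in unsaved_sticky(RUNNING, STARTUP).items():
        print(f"{iface}: not in startup-config: {', '.join(macs)}")
```

An empty result means every sticky entry in the running config is already in the saved config.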
