Cisco IOS

Hello,

We have Cisco 3750 switches on our network.  I am planning to configure port security
using the "Stickey" codes.  The IOS is 122.

My question is, if a switch port violation occurs, is the violation removed when the switch
is restarted.  In other words, could this be a way to overide this method of port security?

Thanks in advance!

rayneedssomehelp
RayneedssomehelpAsked:
Who is Participating?
 
AkinsdConnect With a Mentor Network AdministratorCommented:
Yes
saving the config is the way to go.

You can use the sticky command to learn all currently connected devices, then save your config.
0
 
rauenpcCommented:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/port_sec.pdf#page2

Once a Mac registers on a sticky port, the Mac goes to the running config. If you then save the running config, the Mac essentially becomes a static port security entry. This means a reload is not always a way around the security feature.
0
 
AkinsdNetwork AdministratorCommented:
Yes, rebooting the switch will reset the log.

I will be a lot concerned if your switches are accessible for anyone to just walk to and reboot though - Talking about physical security.

There are many other features with port security, eg, forcing error disabled state and even configuring recovery alternatives.

The goal for port security is to prevent access. You can even configure the switch to log its violations on a computer.

Rebooting the switch resets it but violations will be triggered again if the condition still exists when the switch loads back up

Hope this helps

All the best
0
 
Rakesh Madupu JNCIE-SP #02079 CCIE-SP#47613Network Development EngineerCommented:
Yes ,

In normal case lines , you need to shut and unshut the port to release the port,  which is the same thing when a switch reloads

I would say have the switch log its activities to a simple syslog server as Kiwi or something in this way you wont miss what happend

Regards
Game
0
 
RayneedssomehelpAuthor Commented:
Greeetings,

So rauenpc, saving the configs is the same as statically assigning MACs?

Akinsd says the violation will occur again after the switch is reloaded.  I would think
after an unsaved config reload, the switch will have no mac entries  and will flood out
all ports to find MACs.  That would in effect overide any previous port violations.

Saving the run to start would seem to be the way to go.

rayneedssomehelp
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.