 smunro622Premium join:2006-02-15 Madison Heights, MI | [CCNA] sticky option I have some developers starting that never were in our network. They all have laptops and use and run VMware Workstation. We use port security. Can I use the sticky command and set the value to 8? 1 physical for the laptop and 7 for the virtual machines? The switch is a Catalyst 4503 with 96 ports.
Switch(config)# interface gi 5/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 10
Switch(config-if)# ! Static secure MAC (physical machine)
Switch(config-if)# switchport port-security mac-address 0000.0000.0003
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# ! Sticky static MAC
Switch(config-if)# switchport port-security mac-address sticky 0000.0000.0001
Switch(config-if)# switchport port-security mac-address sticky 0000.0000.0002
Switch(config-if)# end
And just keep repeating the command below until all 8 addresses I want are set up?
Switch(config-if)# switchport port-security mac-address sticky 0000.0000.0002
Thank you for the help in advance, everyone... |
|
 nosx join:2004-12-27 00000 kudos:5 | The whole mac-address-tracking concept is not scalable and a pretty poor security mechanism. Why not look into using AD-integrated Windows functionality to just use 802.1x auth on all the ports? It's not difficult to deploy, providing you have some competent Windows admins. |
|
 | AD may not be an option, as those machines may have to be managed by the local desktop folks...
You can use the swi port-sec and use the restrict option rather than shut to restrict to 10 MACs per port. |
|
 smunro622Premium join:2006-02-15 Madison Heights, MI | reply to smunro622 Trying to weigh all the options; these virt machines will not be part of AD. I want to say I want to use the shut command, but my gut tells me restrict so I do not have an ulcer. We use port security on everything else with shut. Our dev guys have their own area and have a fiber link back to our core from their 4503. We host the blade chassis for them and storage, and they manage all the virt machines themselves on Workstation. The defining line is the switch, and we are responsible for that and the physical machine also. They will have their own VLAN also for this. It's a different setup, as the system admins do not talk with the net admins; working on changing that with pizza and donuts once a week... amazing how IT can get along with food... |
|
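An added example, not written by any poster in this thread: the port from the original question configured so that sticky learning fills the eight slots by itself (one laptop plus seven VMs) and a ninth address is dropped and logged instead of err-disabling the port. Interface Gi5/1 and the limit of 8 come from the original post; the rest is standard IOS port-security syntax.

```ios
! Added example, not from the thread. Gi5/1 and the limit of 8 are taken
! from the original question.
configure terminal
interface GigabitEthernet5/1
 switchport mode access
 switchport port-security
 ! 1 physical laptop NIC + 7 virtual machines
 switchport port-security maximum 8
 ! Learn source MACs as they appear and write each one into running-config
 ! as a sticky entry; no "sticky <mac>" line has to be typed per machine.
 switchport port-security mac-address sticky
 ! On a 9th address: drop its frames, increment the violation counter and
 ! log it, but keep the port up. The default mode, "shutdown", puts the
 ! port into err-disabled state instead.
 switchport port-security violation restrict
end
! Sticky entries exist only in running-config until the config is saved.
copy running-config startup-config
! Verify: port status, violation mode, violation count, learned addresses.
show port-security interface GigabitEthernet5/1
show port-security address
show running-config interface GigabitEthernet5/1
```

Only VMs with bridged networking present their own MAC address on the switch port; VMs behind VMware Workstation NAT share the host's MAC and do not consume a slot.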