Discussion:
[Netdisco] port security and netdisco
Brian Terror
2006-12-05 17:47:44 UTC
i am trying to manage cisco switches that all have port security enabled on
them. so basically i would need to do more with netdisco than enable or
disable a port, i would also need to clear the current mac-address table. i
hope somebody here is using port security other than me...

on a cisco 2924xl the config looks like this:
interface FastEthernet0/6
 port security max-mac-count 1
 port security action shutdown
 switchport access vlan 113
 spanning-tree portfast
!
the mac of the first device plugged in to this port is recorded and if
another mac is seen on this port it is shutdown. if a port becomes locked
out now the way i resolve the issue is by entering the device via cli,
issuing the clear mac-address-table cmd, then do a no shut on the interface
that was violated.

on a 2950 it's a little bit different because i use sticky mac addresses:
interface FastEthernet0/6
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0001.0335.9ea0

if a violation occurs here the port is put in an err-disabled state. you
then have to clear port-security sticky and do a shut/no shut on the
interface. i do not have err-recovery enabled but i was thinking about
using that feature if it helps me out with netdisco

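Added example, not part of the original post and not Netdisco code: a Python sketch that reads interface stanzas like the two quoted above, tells the 2924XL "port security" form from the 2950 sticky form, and lists the manual recovery commands the post describes for each. The sample config is constructed (the sticky stanza is moved to FastEthernet0/7 so both forms fit in one file), the function names are hypothetical, and the command sequences follow the post's wording and are an assumption, not checked against any particular IOS release.

```python
# Constructed sample built from the two stanzas quoted in the post.
SAMPLE_CONFIG = """\
interface FastEthernet0/5
 switchport access vlan 113
!
interface FastEthernet0/6
 port security max-mac-count 1
 port security action shutdown
 switchport access vlan 113
!
interface FastEthernet0/7
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0001.0335.9ea0
"""

def parse_interfaces(config):
    """Map each interface name to its sub-command lines."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line in ("", "!"):
            current = None
        elif current is not None:
            interfaces[current].append(line)
    return interfaces

def classify(lines):
    """Label a port by the port-security syntax in its stanza."""
    if any(l.startswith("port security ") for l in lines):
        return "legacy"   # 2924XL form in the post
    if any(l.startswith("switchport port-security mac-address sticky") for l in lines):
        return "sticky"   # 2950 form in the post
    return "none"

def recovery_steps(name, kind):
    """Manual recovery as the post describes it (assumption: not checked per IOS release)."""
    enter = ["configure terminal", f"interface {name}"]
    if kind == "legacy":
        return ["clear mac-address-table", *enter, "no shutdown", "end"]
    if kind == "sticky":
        return ["clear port-security sticky", *enter, "shutdown", "no shutdown", "end"]
    return []

def plan(config):
    return {n: recovery_steps(n, classify(l)) for n, l in parse_interfaces(config).items()}
```

Calling plan(SAMPLE_CONFIG) returns one command list per interface, empty for ports with no port security configured.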