Difference between protect/restrict port security violation action?

Hi all,
I've read the documentation, but found the explanations a bit vague. Could someone please explain the difference between these two?
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/12_1e/comref/s1.htm#wp1184020
Thanks.

The only difference is that the security violation counter is incremented in restrict, while it is not incremented in protect.
So each time a violation occurs, do a show port-security on that port:
Switch# show port-security interface fastethernet0/1
Port Security: Enabled
Port status: SecureUp
Violation mode: Shutdown
Maximum MAC Addresses :50
Total MAC Addresses: 11
Configured MAC Addresses: 0
Sticky MAC Addresses :11
Aging time: 20 mins
Aging type: Inactivity
SecureStatic address aging: Enabled
Security Violation count: 0
The counter above (Security Violation count, shown in bold) will be incremented when restrict is configured, and will not increment if protect is configured.
Either way, the packets from the insecure hosts will be dropped if a violation occurs.
HTH
Sankar.
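An added example (not from this thread or from Cisco) that turns the point above into a check: it parses the "show port-security interface" output for several ports and reports recorded violations, flags ports in protect mode (where the counter never moves, so zero is not evidence of a clean port), and flags ports whose status is not SecureUp. The sample transcript is constructed for the demo; the field names follow the output quoted above.

```python
import re
from typing import Dict, List

# Constructed sample (not from the thread): two interfaces in the same layout as the
# "show port-security interface" output quoted above, with made-up values.
SAMPLE_OUTPUT = """\
Switch# show port-security interface fastethernet0/1
Port Security: Enabled
Port status: SecureUp
Violation mode: Restrict
Maximum MAC Addresses :50
Total MAC Addresses: 11
Configured MAC Addresses: 0
Sticky MAC Addresses :11
Aging time: 20 mins
Aging type: Inactivity
SecureStatic address aging: Enabled
Security Violation count: 3
Switch# show port-security interface fastethernet0/2
Port Security: Enabled
Port status: SecureUp
Violation mode: Protect
Maximum MAC Addresses :1
Total MAC Addresses: 1
Configured MAC Addresses: 0
Sticky MAC Addresses :1
Aging time: 0 mins
Aging type: Absolute
SecureStatic address aging: Disabled
Security Violation count: 0
"""

# Prompt line that starts a new interface block, and a generic "Key : value" field line.
CMD_RE = re.compile(r"show port-security interface\s+(?P<iface>\S+)")
FIELD_RE = re.compile(r"^(?P<key>[A-Za-z ]+?)\s*:\s*(?P<value>.+?)\s*$")


def parse_port_security(text: str) -> Dict[str, Dict[str, str]]:
    """Split a CLI transcript into one {field: value} dict per interface."""
    ports: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        cmd = CMD_RE.search(line)
        if cmd:
            current = cmd.group("iface").lower()
            ports[current] = {}
            continue
        field = FIELD_RE.match(line)
        if field and current is not None:
            ports[current][field.group("key")] = field.group("value")
    return ports


def assess(ports: Dict[str, Dict[str, str]]) -> Dict[str, List[str]]:
    """Return findings per interface: recorded violations, ports whose mode hides
    them (protect never increments the counter), and ports not in SecureUp."""
    findings: Dict[str, List[str]] = {}
    for iface, fields in ports.items():
        notes = []
        mode = fields.get("Violation mode", "").lower()
        count = int(fields.get("Security Violation count", "0"))
        if mode == "protect":
            notes.append("protect mode: offending frames are dropped silently, counter stays 0")
        if count > 0:
            notes.append(f"{count} violation(s) recorded")
        status = fields.get("Port status", "")
        if status != "SecureUp":
            notes.append(f"port status is {status!r}, not SecureUp")
        if notes:
            findings[iface] = notes
    return findings


if __name__ == "__main__":
    for iface, notes in assess(parse_port_security(SAMPLE_OUTPUT)).items():
        for note in notes:
            print(f"{iface}: {note}")
```

The protect finding is deliberate: a port in protect mode that shows a zero counter tells an operator nothing, so the check lists such ports separately rather than treating them as clean.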

Similar Messages

  • SG-500-28P How to configure switchport port-security violation setting

    Is there a way to do switchport port-security violation {protect | restrict | shutdown} in SG-500-28P in case of a BPDU Guard violation?
    Seems like the default option is shutdown and I don't know how to change it.
    Thank you!

    Hi,
    You can recover from this violation by using the command below:
    To enable automatic re-activation of an interface after an Err-Disable shutdown, 
    use the errdisable recovery cause Global Configuration mode command. To 
    disable automatic re-activation, use the no form of this command.
    Syntax
    errdisable recovery cause {all | port-security | dot1x-src-address | acl-deny | 
    stp-bpdu-guard | loopback-detection | udld }
    no errdisable recovery cause {all | port-security | dot1x-src-address | acl-deny | 
    stp-bpdu-guard | loopback-detection | udld }
    For more information:
    Refer to this URL, page no. 406:
    http://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/Sx500/cli_guide/CLI_500.pdf
    regards
    Moorthy

  • SCOM 2012 SP1 Cisco Port Security Violations

    Hello,
    I'm fairly new to System Center but have been learning quite a bit over the last year. I am looking for some information on how to generate an alert off of a port-security violation. There's not much information about this, so I'm wondering if anyone
    out there has experience doing this.
    Also, we run a fairly large Cisco environment (20000+ switchports), so my next question is, do I have to be monitoring every switchport to see a port-sec event happen? I've run some debug snmp packets on my Cisco devices, and I do see the SNMP trap
    sent for the port-security violation.
    The universal device poller that I set up for this is: OID 1.3.6.1.4.1.9.9.315.1.2.1.1.2 or the MIB CISCO-PORT_SECURITY-MIB:cpsIfPortSecurityStatus, so I'm pretty confident that I've got the right data. I'm just looking for a way to see these events happen
    without having to monitor every single switchport on my network, and whether the alert will tell me which switch and which port had the violation.
    Any help is always appreciated.

    Hi,
    I have to say that I don't have experience doing this, but in my opinion, if there are log files with that information, we can use SCOM to monitor the log file and fire alerts according to your requirements.
    Based on my research, the output of the port-security debug may have information about which switch and which port had the violation. (I am not familiar with Cisco devices; if there is any misunderstanding, please feel free to let me know.)
    Regards,
    Yan Li
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

  • Port-Security violation

    Hi all,
    I'm sending syslog messages from some access switches to CiscoWorks's syslog server. CiscoWorks is installed on a Windows 2003 machine.
    I can see %PORT_SECURITY-2-PSECURE_VIOLATION messages in the syslog.log file (located in C:\Program Files\CSCOpx\log\),
    but the messages do no appear in the RME \ Syslog Analyzer Severity Level Summary Report.
    Are there some variables/options that I must set/check in order to get the port-security violation (severity=2) messages included in the report?
    Thanks for any hints!

    Hello
    The same also happened to me with a network point; I placed the MAC as drop, and so far the port has not been blocked:
    WS-C2960X-48FPD-L  15.0(2)EX5            C2960X-UNIVERSALK9-M
    mac address-table static 7e77.3777.5776 vlan xx drop
    mac address-table static 7e77.377a.57d6 vlan xx drop
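An added example, not part of either thread, that covers the question raised in the SCOM thread above (which switch and which port had the violation) and the syslog thread here: it reads Cisco IOS syslog lines relayed to a collector, keeps only %PORT_SECURITY-2-PSECURE_VIOLATION messages at or below a severity threshold, and extracts the switch, port and offending MAC from each. The log lines are constructed for the demo; the hostnames, ports and MACs are made up, and the message body format is assumed from the PSECURE_VIOLATION mnemonic named in the thread.

```python
import re
from collections import Counter
from typing import Any, Dict, List, Optional

# Constructed sample syslog lines (not taken from the thread): Cisco IOS messages as
# relayed to a syslog server, including one severity-5 line that the filter must skip.
SAMPLE_LOG = """\
Mar  3 10:14:52 sw-access-01 101: Mar  3 10:14:51.902: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4455 on port FastEthernet0/7.
Mar  3 10:14:55 sw-access-01 102: Mar  3 10:14:54.120: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/7, changed state to down
Mar  3 10:15:01 sw-access-02 410: Mar  3 10:15:00.511: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4455 on port GigabitEthernet1/0/3.
Mar  3 10:15:09 sw-access-01 103: Mar  3 10:15:08.330: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 66aa.bbcc.ddee on port FastEthernet0/7.
"""

# Syslog header (month day time host), then the IOS %FACILITY-SEVERITY-MNEMONIC tag.
LINE_RE = re.compile(
    r"^\S+\s+\d+\s+\S+\s+(?P<host>\S+)\s.*?"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>\d)-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)$"
)
# Assumed body of a PSECURE_VIOLATION message: the offending MAC and the port it arrived on.
VIOLATION_RE = re.compile(
    r"MAC address (?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}) on port (?P<port>\S+?)\.?$"
)


def parse_line(line: str) -> Optional[Dict[str, Any]]:
    """Return host, facility, severity (int), mnemonic and text, or None if not an IOS syslog line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "host": m.group("host"),
        "facility": m.group("facility"),
        "severity": int(m.group("severity")),
        "mnemonic": m.group("mnemonic"),
        "text": m.group("text"),
    }


def port_security_violations(log_text: str, max_severity: int = 2) -> List[Dict[str, str]]:
    """Keep PSECURE_VIOLATION events at or below max_severity (lower number = more severe)
    and extract which switch, which port and which MAC triggered each one."""
    events = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["severity"] > max_severity:
            continue
        if rec["facility"] != "PORT_SECURITY" or rec["mnemonic"] != "PSECURE_VIOLATION":
            continue
        body = VIOLATION_RE.search(rec["text"])
        if body is None:
            continue
        events.append({"switch": rec["host"], "port": body.group("port"), "mac": body.group("mac")})
    return events


def violations_per_port(events: List[Dict[str, str]]) -> Counter:
    """Count events per (switch, port) so a noisy port stands out."""
    return Counter((e["switch"], e["port"]) for e in events)


def macs_on_multiple_switches(events: List[Dict[str, str]]) -> List[str]:
    """MACs that triggered violations on more than one switch: worth a closer look."""
    seen: Dict[str, set] = {}
    for e in events:
        seen.setdefault(e["mac"], set()).add(e["switch"])
    return sorted(mac for mac, switches in seen.items() if len(switches) > 1)


if __name__ == "__main__":
    ev = port_security_violations(SAMPLE_LOG)
    for (switch, port), n in violations_per_port(ev).items():
        print(f"{switch} {port}: {n} violation(s)")
    print("MAC seen on multiple switches:", macs_on_multiple_switches(ev))
```

Because the switch name and port are in every message, a collector that filters on the facility and mnemonic answers the "which switch, which port" question without polling each switchport; the severity filter mirrors the severity=2 report filter the syslog thread asks about.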

  • 802.1X Port Based Authentication - IP Phone- MDA - Port Security Violation

    I have configured 802.1X authentication on selected ports of a Cisco Catalyst 2960S with Microsoft NPS RADIUS authentication on a test LAN. I have tested the authentication with a Windows XP laptop, a Windows 7 laptop with 802.1X EAP-TLS authentication, and a Mitel 5330 IP Phone using EAP-MD5 authentication. All the above devices work with the MS NPS server. However, in MDA mode, when the 802.1x compliant Windows 7 laptop is connected to the already authenticated Mitel IP Phone, the port experiences a security violation and then goes into err-disable mode.
    Feb  4 19:16:16.571: %AUTHMGR-5-START: Starting 'dot1x' for client (24b6.fdfa.749b) on Interface Gi1/0/1 AuditSessionID AC10A0FE0000002F000D3CED
    Feb  4 19:16:16.645: %DOT1X-5-SUCCESS: Authentication successful for client (24b6.fdfa.749b) on Interface Gi1/0/1 AuditSessionID AC10A0FE0000002F000D3CED
    Feb  4 19:16:16.645: %PM-4-ERR_DISABLE: security-violation error detected on Gi1/0/1, putting Gi1/0/1 in err-disable state
    Feb  4 19:16:17.651: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to down
    Feb  4 19:16:18.658: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to down
    If the port config  is changed to "authentication host-mode multi-auth", and the laptop is connected to the phone the port does not experience the security violation but the 802.1x authentication for the laptop fails.
    The ports Gi1/0/1 & Gi1/0/2 are configured thus:
    interface GigabitEthernet1/0/1
    switchport mode access
    switchport voice vlan 20
    authentication event fail action authorize vlan 4
    authentication event no-response action authorize vlan 4
    authentication event server alive action reinitialize
    authentication host-mode multi-domain
    authentication order dot1x mab
    authentication priority dot1x mab
    authentication port-control auto
    mab
    mls qos trust cos
    dot1x pae authenticator
    spanning-tree portfast
    sh ver
    Switch Ports Model              SW Version            SW Image
    *    1 52    WS-C2960S-48FPS-L  15.2(1)E1             C2960S-UNIVERSALK9-M
    Full config attached. Assistance will be greatly appreciated.
    Donfrico

    I am currently trying to get 802.1x port authentication working on a Cat3550 against Win2003 IAS, but the IAS log shows an invalid message-authenticator error. The 3550 just shows failed. When I authenticate against Cisco ACS (by simply changing the radius-server) it works perfectly.
    However, I am successfully using IAS to authenticate WPA users on AP1210s, so RADIUS appears to be working OK.
    Are there special attributes that need to be configured on the switch or IAS?

  • Difference between Share Permissions and Security NTFS Folder Permissions

    What is the main difference between share and security in
    1. 2003 server and above:
    2. How do organisations share data folders for users?
    As per me, I have the following conclusion:
    1.
    Yes - Always open up Share permissions to Everyone-Full and the ACL (apply permissions) to the actual data
    folders (must be NTFS). With NT4 and W2000 you can leave the Share permissions at default when you create them and just ACL the NTFS data structures.
    With W2003, the default Share permission is locked down to Read, and as Share permissions over-ride NTFS permissions,
    even if you have Write access in the data folders, accessing via the Share will restrict to Read-Only, so you must open up the Share permissions on all new W2003 Shares that you create.
    2.
    Yes you can. Share the top level directory of your data. Open up the Share permissions to Everyone - Full,
    and then ACL the sub-folders appropriately for your different user access requirements. Don't permission (ACL) any data with 'Everyone'; always use Groups (or users if you must, e.g. Home Directories), and at minimum for 'public' data use 'Authenticated Users'.
    Users will all be able to access the share, but only access folders and data that you allow via the NTFS permissions (ACLs).
    The only other way is to create separate shares for each different access requirement - a pain and none too
    flexible. Also if with W2K3 you leave the default Share permission (Read), even though you grant 'Write' NTFS permissions on the data, your users won't be able to write new data or make changes if they access via the Share, as Share permissions over-ride the
    NTFS permissions.
    If you have any other options, please suggest them to me; otherwise mark it as Answer.

    Sounds good. :)
    Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading
    the thread.

  • Difference between UCOS restricted version and unrestricted version

    Hi to all,
    Does somebody know what the difference is between the restricted version and the unrestricted version?
    What are the main differences?
    Thanks
    David

    Hi.
    Basically, the restricted version has encryption enabled and the unrestricted one does not.
    You may give a look to this thread.
    https://supportforums.cisco.com/discussion/11409366/restricted-version-and-unrestricted-version-ccm-comparison
    HTH
    Regards
    Carlo

  • Difference between HTTP Server port and HTTP Server listen port

    Hi,
    What's the difference between the following?
    Oracle HTTP Server port = 7780
    Oracle HTTP Server listen port = 7781
    They are the ports used in my 9ias 9.0.3 instance.
    Please advise.
    Thank you.

    Hi,
    The server port, 7780, is the port where the HTTP server responds, and listen ports are other ports that the HTTP Server can listen on. In iAS, in the default configuration, the server port is the response port for Web Cache, and Web Cache connects with the HTTP Server on the listen port.
    Marcio Mesti

  • Difference between LOA paid LOA unpaid personnel actions?

    Hi experts,
    I just wanted to know how the difference between personnel actions LOA paid and LOA unpaid is specified in personnel actions in regards to infogroups and any configuration settings.
    Thanks..
    JEss..

    Hi,
    These actions are defined just to identify an employee as on Leave of Absence; some employees remain active and are paid, and some become inactive and are not paid.
    Depending upon the requirement with the client, either wage types are separated to be paid, or employee group/subgroup are defined separately.
    Thanks,
    Ameet

  • Pb in BEx : Total result of differences between 2 restricted KF

    Hello,
    I have a big problem in the BEX and the best is to give you an example of a scenario:
             Quant1      Quant2      Difference (absolute value)
    M1       Q1 = 100    Q2 = 80     |Q1 - Q2| = 20
    M2       Q3 = 90     Q4 = 100    |Q3 - Q4| = 10
    Tot.     R1 = 190    R2 = 180    R = ??
    For the ratio R, I want to have the sum of the differences, ie R = 20 + 10 = 30 (instead of 190 – 180 = 10).
    If the materials are displayed, I can do that using the totalization property of the result for the formula.
    The problem is when I remove the material in order to only have the result, I’d like to have the same result, ie the sum of each difference of the materials that compose the result (even if the materials are not displayed anymore). The reality is that it calculates the formula again with the quantities of the total line, ie |R1 – R2| = 10.
    I think the Bex can’t do that as from the moment when I use restricted key figures (which is the case in my scenario).
    Does anyone have an idea on how to have my report as I want?
    Thanks for all the answers.
    Vanessa

    Hello Arun,
    Yes I have exactly these properties for the ratio of difference:
    "calculate result as" : summation
    "calculate single values as" : Nothing defined
    "Formula collision" : Nothing defined
    It doesn't matter changing the formula collision as there is no formula collision (I've tried).
    I think the problem comes from the fact that when the materials and the result are displayed, materials are considered as single values and the result as a result.
    When I remove the material, the result becomes a single value and therefore, it isn't correct.
    But I don't understand why there is no way to avoid this problem as it is a current problem (everybody should use differences or ratios...). There must be something to do but I don't know why.
    Thanks for your help

  • Difference between Site Studio Designers security and UCM's

    When creating a website you can change the security for a site through Designer. The security for the layout file home page can be changed with a UCM update. Currently I have the home page within Designer set to secure but UCM is public. This works by preventing public users from getting to the web site but is confusing. Is Designer setting an internal variable so that the web site is protected? Should I change the security group for the layout file in UCM?

    Hi
    The way the website designer puts security on the site is similar to the way you apply security groups to the contents on UCM (content server). The only difference in the site's case is that you can specify if you want only specific sections of the site to be Public / any other sec grp, or if you want the whole site to be under one single sec grp.
    This can be done from Properties view of the Designer.
    Hope this helps.
    Thanks
    Srinath

  • Difference between "Empty trash" and "Secure Empty trash"

    Hi everyone,
    Today I used the "Secure Empty Trash" function by pressing the Option key while right-clicking on the trash. The message said that if I empty the trash that way, I won't be able to recover the data, which is what I wanted and is OK. But the way it's phrased makes you think that if you don't do it that way, then the normal "Empty Trash" doesn't really empty the trash and gives you the possibility of taking the data back even after emptying the trash.
    I know some programs can help you do that. Either they recover the data after being installed separately, or it's a sort of backup program, like some by Norton on Windows, where basically it backs up the Windows trash. But my question is, when they say with the "Empty Trash" message that you can recover the data, does it mean with one of those external programs, or is there a hidden folder somewhere on Mac OS X where I can find all the stuff that ever went in my trash?
    Thanks for your help !

    Emptying the trash the normal way deletes the reference to where the files exist on the hard disk and shows the space these files occupy as empty space. Now it's deleted, and you can use whatever space these files used before deleting them, but you can use some pro apps that recover lost data, especially in case of mistaken deletion, as long as the sectors these files used on the hard disk were not used to store other data.
    Emptying the trash securely does the same as normal emptying, but it makes an additional step of overwriting the sectors of the hard disk used by this data a number of times, so it's impossible for pro apps that recover data to read anything that was stored on the hard disk after secure deletion.

  • TS1424 What's the difference between "protected mpeg 4" and "mpeg 4"?

    I recently downloaded a tv series and can only view episodes labelled "protected mpeg-4".  Those labelled "mpeg-4" are unplayable.  Error message "This movie requires QuickTime, which is not supported by this version of iTunes" appears.  We have the latest version of itunes, and if I open quick player on my mac I can play the mpeg 4's. They just won't work through itunes, which means I'm unable to play them (as far as I know) on the ipod/pad.  Can anyone help please?

    Thanks, if I put a logic board from one iPhone 4 on gsm in to an iPhone 4 CDMA would it work ? Thanks

  • Is there a difference between the USB ports on an imac 2010 and macbook air 2011?

    Hello,
    I'm asking this question on behalf of a severely disabled friend.
    He has a special keyboard on USB.
    When I connect it to his or my iMac 2010, we need to reboot several times until the KB is recognised.
    When I connect that same KB to my macbook air 2011 it has no issues at all.
    The iMacs are 2.7GHz i5 running Lion.
      Host Controller Location: Built-in USB
      Host Controller Driver: AppleUSBEHCI
      PCI Device ID: 0x1c2d
      PCI Revision ID: 0x0005
      PCI Vendor ID: 0x8086
      Bus Number: 0xfa
    The MBA is a 1.8GHz  i7 running Lion.
      Host Controller Location: Built-in USB
      Host Controller Driver: AppleUSBEHCI
      PCI Device ID: 0x1c2d
      PCI Revision ID: 0x0005
      PCI Vendor ID: 0x8086
      Bus Number: 0xfa
    the keyboard info can be found at http://lucykeyboard.com
    Would appreciate some help, as a few shops in Belgium are not that helpful for this kind of troubleshooting.
    Thank you in name of Mario.
    Peter LOX

    Guy would this be of any help:
    To start up your computer in Apple Hardware Test:
    Press the power button to turn on your computer.
    Press and hold the D key before the gray startup screen appears. If Apple Hardware Test does not start up, see the Additional Information section at the end of this article.
    Note: Some Macintosh computers that shipped with OS X Lion support the use of Apple Hardware Test over the Internet. These computers will start up to an Internet-based version of AHT if the hard drive does not contain AHT.  An Internet-enabled connection via Ethernet or Wi-Fi is required to use this feature.
    It takes a minute or so for Apple Hardware Test to start up and inspect your hardware configuration. While this is taking place, an icon appears on the screen:
    When the process is complete, select your language and click the right arrow. If you aren't using a mouse, you can use the up and down arrows to select a language and then press the Return key.
    The Apple Hardware Test console appears. You can choose which sort of test or tests to perform:
    To perform all of the basic tests, click the Test button or press the "T" key or the Return key.
    To perform a more thorough diagnostic test, select the "Perform extended testing" checkbox under the Test button before you click the Test button.
    Your test results will appear in the window in the bottom-right of the console.
    To exit AHT, click Restart or Shut Down at the bottom of the window.

  • What's the difference between Protect and Lock tabs?

    I'd like to begin each new session with the same pinned tabs open to the landing page for each site. I'm not sure how to do that.

    You may set Firefox to start with tabs from the previous session. That is in the preferences | options from the menu button.
    * See [[Startup, home page and download settings]]
    You may pin tabs from an option on right clicking them. Such pinned tabs are remembered with other tabs if you set Firefox to use the previous sessions tabs.
    You may also be interested in customising and pinning sites to the newtab page.
    * [[New Tab Page – show, hide and customize top sites]]
