ISE wireless with HP core switch

Hi all,
We are planning to implement ISE for Wireless users. Our core switch is HP and our WLC is 5500.
I would like to know if we need to change our core switch so that we can use ISE or there is no need to change it.

You'd need 2 separate SSIDs as the access method will be different for each, e.g:
Employee - WPA2 and 802.1x
Guest - Webauth
You don't have to have a quarantine, we do but it's not essential.
For your employee WLAN you could have just one VLAN or you could have multiple. We started off with just one for our employee WLAN but now we've got several on each WLC (laptops, medical devices, etc.). I would suggest starting off simple with one.
Your employee WLAN clients won't get an address until after they authenticate so you don't need a VLAN before then.

Similar Messages

  • ISE works with Local-switch Mode

    Hi guys,
    My AP is configured to work in FlexConnect mode with my WLC, which means that my wireless data will be switched locally without going through my WLC. Is that OK for my ISE to control my wireless access?
    Regards,

    Yes; FlexConnect supports central authentication with both locally and centrally switched traffic models.
    Lots of info about FlexConnect here;
    http://www.cisco.com/en/US/docs/wireless/controller/7.4/configuration/guides/flexconnect/config_flexconnect_chapter_01.html

  • Hyper-v cluster with core switch downtime... what to do?

    Is there a way to essentially "pause" the hyper-v cluster and keep things running but do NOT attempt to failover anything for any reason?
    We have one Procurve 5412zl switch with two c7000 enclosures. In each c7000 enclosure there are two switches that connect all the blade servers within the enclosure. Those two switches are interconnected internally so they can communicate within the enclosure.
    So if the core switch goes down the hyper-v servers in the same c7000 enclosure can still communicate but they will be separated from the others in the other enclosure.
    So we have 4 hyper-v servers in one enclosure and 3 in another. If I disconnect the core switch I'm wondering what will happen (if I reboot the switch which is what I need to do).
    How can I avoid having to shut down everything for this and just tell hyper-v cluster to not do anything when the network is lost?

    Hi Quadrantids,
    "to essentially "pause" the hyper-v cluster and keep things running but do NOT attempt to failover anything for any reason"
    Based on my understanding, you need to keep the cluster running on the same C7000 enclosure; in other words, before you cut the connection between the C7000 enclosures you may migrate VMs to the same enclosure to keep them running (I assume that the storage will not be affected by the restart).
    Best Regards
    Elton Ji

  • ISE mab authentication with Avaya/Nortel switches

    Currently using Cisco ISE 1.1 to authenticate both dot1x and mab from Cisco switches. Both features are authenticating properly.
    When we use a Nortel/Avaya switch for the authenticator, we are unable to authenticate using mac bypass (non-eap (or neap) in Avaya talk..). The correct authentication policy is found in the ISE, but the mac address is not found in the database. We know it is there because the same mac is authenticating with the Cisco switch. Dot1x authenticates properly from both the Cisco and Avaya authenticators.
    Could this be an issue with the username/password format in the Radius packet from the Cisco?
    Thanks in advance for any assistance.
    -Kurt

    As requested...
    http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCuc22732
    MAB works from a cisco switch because the cisco switch places the mac address in the calling-station-attribute and the user-name attribute. The Cisco ISE platform is looking at the calling-station attribute to find the user name. This is the problem.
    The radius RFC says the user name must be in the user-name attribute. The calling-station-attribute is not a required field and is used for the phone number of a voip phone. Basically, the ISE platform is looking at the wrong field for the mac address.
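The difference the reply describes can be checked on a captured Access-Request by parsing its attributes. The following is an added example, not code from the thread or from Cisco or Avaya; the two packets, the MAC address, the endpoint store and the `lookup` function are constructed for illustration, and the attribute numbers are those of RFC 2865.

```python
import re
import struct

# Attribute type numbers and packet code from RFC 2865.
ACCESS_REQUEST = 1
USER_NAME, NAS_IP_ADDRESS, SERVICE_TYPE, CALLING_STATION_ID = 1, 4, 6, 31


def build_access_request(identifier, attributes):
    """Encode a minimal Access-Request: 20-byte header, then type/length/value attributes."""
    body = b""
    for attr_type, value in attributes:
        if len(value) > 253:
            raise ValueError("attribute value longer than 253 bytes")
        body += struct.pack("!BB", attr_type, len(value) + 2) + value
    authenticator = bytes(16)  # constructed placeholder, not a real Request Authenticator
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(body))
    return header + authenticator + body


def parse_attributes(packet):
    """Return {attribute type: [raw values]}, rejecting inconsistent length fields."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _identifier, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("length field does not fit the received data")
    attributes, offset = {}, 20
    while offset < length:
        if offset + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[offset], packet[offset + 1]
        if attr_len < 2 or offset + attr_len > length:
            raise ValueError("attribute length runs past the packet")
        attributes.setdefault(attr_type, []).append(packet[offset + 2:offset + attr_len])
        offset += attr_len
    return attributes


def normalize_mac(text):
    """Strip common separators; return 12 lowercase hex digits, or None if not a MAC."""
    digits = re.sub(r"[-:.]", "", text.strip())
    return digits.lower() if re.fullmatch(r"[0-9A-Fa-f]{12}", digits) else None


def mac_by_attribute(packet):
    """Report the MAC address found in User-Name and in Calling-Station-Id."""
    attributes = parse_attributes(packet)
    found = {}
    for name, attr_type in (("User-Name", USER_NAME), ("Calling-Station-Id", CALLING_STATION_ID)):
        values = attributes.get(attr_type)
        found[name] = normalize_mac(values[0].decode("ascii", "replace")) if values else None
    return found


def lookup(packet, endpoint_db, key_attribute):
    """Hypothetical endpoint lookup keyed on a single attribute of the request."""
    mac = mac_by_attribute(packet)[key_attribute]
    return mac is not None and mac in endpoint_db


# Constructed sample data: the MAC, NAS address and endpoint store are made up.
ENDPOINT_DB = {"001122334455"}
COMMON = [(NAS_IP_ADDRESS, bytes([192, 0, 2, 10])),
          (SERVICE_TYPE, struct.pack("!I", 10))]  # 10 = Call Check
BOTH_ATTRIBUTES = build_access_request(
    1, [(USER_NAME, b"001122334455"), (CALLING_STATION_ID, b"00-11-22-33-44-55")] + COMMON)
USER_NAME_ONLY = build_access_request(2, [(USER_NAME, b"00:11:22:33:44:55")] + COMMON)

if __name__ == "__main__":
    for label, packet in (("both attributes", BOTH_ATTRIBUTES), ("User-Name only", USER_NAME_ONLY)):
        print(label, mac_by_attribute(packet))
        for key in ("Calling-Station-Id", "User-Name"):
            print("  lookup by", key, "->", lookup(packet, ENDPOINT_DB, key))
```

Running the same parse over a request captured from each authenticator shows which attribute carries the MAC and in which separator format, which is what the policy lookup has to match.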

  • Core (4500x vss) with Access HP switch spanning tree

    Hello Friends,
    I need your support to guide me for this type of network topology in order to avoid loops, like:
    2 4500X series switches configured as a VSS working as core switch.
    In the access layer I have HP switches which are connected with 1G fiber uplinks to each other (cascaded) and back to these core switches for VLAN forwarding.
    I need help to configure spanning tree for such a topology and avoid loops.
    The topology is attached.

    Hi,
    you mean to say, connect each HP switch back to core (VSS) with 2 uplinks and configure as a ether-channel?
    Yes, exactly.
    actually that is  not possible because the lack of fiber cable between the cabinets (core to access) are not much cores.
    How could it not be possible? According to your drawing in your current design ASW-HP1 and ASW-HP3 both connect to the core VSS, core anyway. So it is just a matter of connecting ASW-HP2 to the core.
    Of course you want 2 uplinks from each HP.
    HTH

  • Problems with Comodo Kill Switch, Windows Services & Bitlocker Encryption on Asus N56VZ

    Hi All,
    So recently I found myself stuck in a different scenario than before, and after many hours researching and efforts to fix this I still find myself stuck  yet with a few options still to fix.
    What is the problem?
    So as a security-cautious user, when I first got to Windows 8.1 Pro 64Bit I encrypted both the C and D drive (Split the main disk) to protect myself and my family. Unfortunately that has not been very helpful with the way in which booting and running from either external USB devices or CD/DVD works, not allowing myself to at all.
    My usual security suite I use is Comodo Internet Security, which additionally comes with Comodo Kill Switch. Whilst using the application instead of stopping one of the TCP connections I was meant to I accidentally stopped a Windows Explorer connection.
    For some reason since then Windows Explorer, nor most windows apps or services themselves will run. For example msconfig will run but sfc /scannow or mmc will not, whether in safe mode or normal mode.
    What Caused the Problem?
    Cannot 100% say
    What I Think Caused the Problem?
    Myself running Comodo Kill Switch stopping a vital server connection with Windows Explorer that messed up a lot. Or a potential Virus unknown how cannot fully scan system as won't boot externally or run many apps.
    Additional Info
    Asus Webcam is Disabled on Purpose
    Laptop was fully customized to run latest games full graphics minus Anti Aliasing, works with Evolve + CoD Advanced Warfare
    Laptop does not boot if USB Keyboard plugged in, works with everything else normal (had this on other systems no problem for me)
    Ask me for more info if required to add here, braindead again
    Specifications of my system
    Intel® Core™ i7 3610QM Processor
    Windows 8.1 Pro 64Bit
    Intel® HM76 Chipset
    DDR3 1600 MHz SDRAM, 2 x SO-DIMM 8GB
    15.6" HD (1366x768)/Full HD (1920x1080)/Wide View Angle LED Backlight
    NVIDIA® GeForce® GT 650M with 2GB DDR3 VRAM
    1TB 5400RPM OR 750GB 5400/7200RPM (Cannot remember off top of head, braindead)
    Super-Multi DVD 
    Kensington lock (Security Feature)
    LoJack (Security Feature)
    BIOS Booting User Password Protection (Security Feature)
    HDD User Password Protection and Security (Security Feature)
    Pre-OS Authentication by programmable key code (Security Feature)
    What Can Run and Won't Run?
    ON BOOT:
    Bitlocker Encryption Password & Advanced Settings are accessible
    Bios (password protected) is accessible
    Windows Recovery Mode is accessible (Think it is F9 or F10)
    Windows Logon Password Screen is accessible
    ON NORMAL/SAFE-MODE START UP:
    After Log-In Windows Explorer will not run
    Task Manager will run, also allows me to browse the files when trying to start new task
    Can run Command prompt
    Cannot run any control panel items
    Cannot run services.msc
    Cannot run mmc
    Cannot run sfc
    Every time it mentions windows drive is locked
    Start Errors when running certain applications (Will post codes soon)
    Rufus USB Tool does run
    Cannot boot Kali Linux off USB
    Cannot boot Windows 8.1 off USB
    Cannot boot Windows 8.1 off DVDRW
    Fixwin2 will not run
    Apps either work or don't whether in safe mode or normal
    Cannot use Windows Installer
    What Fixes I Have Tried So Far
    Ok so like any normal user I don't want to lose my files. So here are what I have tried so far:
    Repair MBR (Repair Completed, No Luck)
    SFC /SCANNOW (Returns Error 'Windows Resource Protection could not start the repair service')
    Tried sfc /SCANNOW /OFFBOOTDIR=c:\ /OFFWINDIR=c:\windows (Could not access drive)
    Fixwin2 (Will not run in either normal or safe mode)
    Booting using Windows 8.1 via USB (Cannot boot from external devices due to Bitlocker Encryption)
    Booting using Kali Linux Via DVD & USB (Cannot boot from external devices due to Bitlocker Encryption)
    How do I know it is because of Bitlocker, because last time I disabled it, I could run from external devices
    Tried to run bitlocker to change settings (Will not run)
    Have used both password and recovery keys to unlock driver, they work but when applications are running on windows the drive is still locked?
    Tried windows Automatic Diagnostic and Repair (Could not repair anything, did make a log I am still to extract from the system)
    There are No System Restore Points
    I'm sure there is much more information I could post however I will leave it on an ask to know basis, apart from the log files and further information to gather. Below is my list of trial and error fixes to try for today (need more ideas and help please!):
    Hiren's 15.2 Boot CD via DVD (NOT ABLE TO BOOT)
    Hiren's 15.2 Boot CD via USB (NOT ABLE TO BOOT)
    Research into the Bios and Possible Update in-case of implementation of Virus, can access flash utility (STILL NOT TESTED)
    Try and get a portable version or a working version of windows installer to try and re-install Comodo Internet Security (STILL NOT TESTED)
    Another way to disable Bitlocker
    Anti-Malware / Anti-Virus Scan If Possible to Run One
    Bitlocker Repair Tool, will try this also
    I have posted this as have not found much info online, usually find it and crack on but this time things are a little more tricky, my priority task I really need to do is remove the Bitlocker Encryption, but if the application will not run... what do I do then?
    Thanks for your time reading all, Sorry for any poor formatting or spelling.
    Update 1: MMC.exe Error Code
    Ok so now have the computer in safe mode, still same as before, no explorer.exe, no services etc... Just went into the Task Manager > Services (Tab) > Open Services (Option at bottom)
    This is the error I get:
    'The Instruction at 0x785a746c referenced memory at 0x000000a8. The memory could not be read.'
    Any Ideas on what this error is and why?
    Update 2: CHKDSK Works with no Fix
    Update 3: Hiren's 15.2 Boot CD - USB Boot still no luck booting around Bitlocker Encryption
    Just to explain again, I already have unlocked the drive with correct bitlocker password or recovery key yet the drive remains locked not allowing windows refresh of files of complete install from the windows recovery menu as keeps saying drive is locked

    Ok so attempt number two to write this update via bloody phone! (Just refreshed page whilst writing!)
    Update 4:
    Problem - cannot run from bootable devices (DVD/USB)
    Cause - bitlocker fully encrypted drive stops this working
    Repair - Boot up holding F9 to enter windows recovery. Input Bitlocker recovery keys to unlock drives.
    Navigate to Command Prompt in advanced settings. Execute the following code:
    Repair-bde c: d: -rp 000111-222333-444555-etc...
    (Code found from https://technet.microsoft.com/en-us/library/ee523219%28v=ws.10%29.aspx)
    Note for those using this: It is common while unlocking certain drives to get errors such as: Quote from http://www.benjaminathawes.com/2013/03/17/resolving-partial-encryption-problems-with-bitlocker/
    "LOG INFO: 0x0000002a Valid metadata at offset 8832512000 found at scan level 1.
    LOG INFO: 0x0000002b Successfully created repair context.
    LOG ERROR: 0xc0000037 Failed to read sector at offset 9211592704. (0x00000017)
    LOG ERROR: 0xc0000037 Failed to read sector at offset 9211593216. (0x00000017)
    …followed by around 20 similar entries that differed only by the offset value"
    Repair Status for Update 4: COMPLETED - However overwrote D drive data so now need to recover that
    Problem 2 - windows services corrupted along with windows files
    Cause - Unknown
    Repair - Wait until system is fully decrypted. Once fully decrypted, ensure boot from USB/DVD.
    Re-do fixes that would not work before if this has fixed boot issue. Confirm fix / update post. Hope anything I put here helps others also.

  • How to create an Access list on core switch to block all Internet Traffic & allow some specific Internet Traffic

    Hello Everyone,
    I am trying to create an Access-List on my Core Switch, in which I want to allow a few internet websites & block the rest of them.
    I want to allow the whole Intranet but a few intranet websites also need access to the internet.
    Can we create such an Access-List with the above requirement?
    I tried to create the ACL on the switch but it blocks the whole internet access.
    I want to do it for a subnet, not for a specific IP.
    Can someone help me in creating such an access list?
    Thanks in Advance

    The exact syntax depends on your subnets and how they connect to the Internet. If you can share a simple diagram that would be much more informative.
    In general just remember that access-lists are parsed from the top down and as soon as a match is found, the processing stops. So you put the most specific rules at the top. Also, once you add an access-list, there is an implicit "deny any any" at the end.
    The best approach is to create some network object-groups and then refer to them in your access list. From your description, that would be something like three object-groups - one for the Intranet (Intranet), one for the allowed servers that can use Internet (allowed_servers), and a third for the permitted Internet sites (allowed_sites).
    You would then use them as follows:
    ip access-list extended main_acl
    permit any object-group intranet any
    permit object-group allowed_servers object-group allowed_sites any
    interface vlan
    ip access-group main_acl in
    More details on the syntax and examples can be found here:
    http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_acl/configuration/15-2mt/sec-object-group-acl.html#GUID-BE5C124C-CCE0-423A-B147-96C33FA18C66
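The top-down, first-match behaviour and the implicit deny described in the reply can be modelled in a few lines. This is an added example, not part of the original thread and not IOS syntax; the prefixes in the three object groups, the reading of the first rule as "any source to the intranet", and the `shadowed_rules` check are assumptions made for illustration.

```python
import ipaddress

# Constructed object groups; the prefixes are private/documentation ranges chosen for illustration.
OBJECT_GROUPS = {
    "intranet": ["10.0.0.0/8"],
    "allowed_servers": ["10.20.30.0/28"],
    "allowed_sites": ["198.51.100.10/32", "203.0.113.0/24"],
    "any": ["0.0.0.0/0"],
}


def networks(group):
    """Resolve an object-group name to its list of IPv4 networks."""
    return [ipaddress.ip_network(prefix) for prefix in OBJECT_GROUPS[group]]


def in_group(address, group):
    """True if the address falls inside any network of the group."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in networks(group))


def evaluate(acl, src, dst):
    """Walk the rules top down and stop at the first match.

    Returns (action, rule index); index None means nothing matched and the
    implicit deny at the end of the list applied.
    """
    for index, (action, src_group, dst_group) in enumerate(acl):
        if in_group(src, src_group) and in_group(dst, dst_group):
            return action, index
    return "deny", None


def covers(outer_group, inner_group):
    """True if every network in inner_group lies inside some network of outer_group."""
    return all(any(inner.subnet_of(outer) for outer in networks(outer_group))
               for inner in networks(inner_group))


def shadowed_rules(acl):
    """Indexes of rules that can never match because an earlier rule covers them."""
    shadowed = []
    for later in range(len(acl)):
        _, src, dst = acl[later]
        for earlier in range(later):
            _, e_src, e_dst = acl[earlier]
            if covers(e_src, src) and covers(e_dst, dst):
                shadowed.append(later)
                break
    return shadowed


# Rules are (action, source group, destination group), read top down.
MAIN_ACL = [
    ("permit", "any", "intranet"),                   # everything may reach the intranet
    ("permit", "allowed_servers", "allowed_sites"),  # selected servers reach selected sites
]                                                    # the implicit deny follows

# The same permits placed after a broad deny: they are never reached.
MISORDERED_ACL = [("deny", "any", "any")] + MAIN_ACL

if __name__ == "__main__":
    for src, dst in (("10.1.1.5", "10.2.2.2"), ("10.20.30.5", "203.0.113.7"),
                     ("10.1.1.5", "203.0.113.7"), ("10.20.30.5", "192.0.2.99")):
        print(src, "->", dst, evaluate(MAIN_ACL, src, dst))
    print("shadowed in misordered list:", shadowed_rules(MISORDERED_ACL))
```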

  • Can no longer connect to internet wirelessly with Linksys WRT54G...

    Hi, all...
    I'm at my father-in-law's house. His home network setup is as follows:
    * Compaq desktop connected via Ethernet cable to
    * Linksys WRT54G, v3 (IP 192.168.2.1) connected via Ethernet cable to
    * Westell DSL modem provided by SouthEast Telephone (his ISP - IP 192.168.1.1)
    I set this equipment up for him about 18 months ago. His Compaq desktop connects perfectly to the internet, using the setup I described above, which I set up for him about 18 months ago. I *used* to be able to connect to the internet wirelessly (with both my IBM ThinkPad and my MacBook); my bro-in-law *used* to be able to connect to the internet wirelessly (with his Dell laptop).
    For reasons we don't yet understand, neither of us can connect wirelessly to the internet any longer. I have called Linksys, posted to their board, and read other threads here, so I am aware that MacBooks have some issues with Linksys routers. I'm getting ready to phone my father-in-law's ISP, to see if they can help.
    But... I don't understand why this used to work, but doesn't any longer. I would be very grateful for any help any of you great folks could provide, and I will gladly post here any detailed info on the setup that might be of help!
    Many thanks,
    Bill J.
    MacBook 2.0   Mac OS X (10.4.8)   iMac 17in Core 2 Duo 2.0, AirPort Extreme, AirPort Express, IBM NetVista M42

    Thanks for your reply.
    Actually the Linksys 2Wire modem works fine in OSX and when connecting via a Compaq PC I also have in the house. It is just on the MacBook running XP that it fails to "connect". XP sees the network but cannot connect.
    Also, I downloaded bootcamp again and created a fresh driver CD, reinstalled the driver and received the same error: 1706 No valid source could be found for product Macintosh Drivers for Windows XP.msi.
    I looked at the directory on the CD and it appears that there are no driver files, only documentation.
    I called Apple, got no help, called Microsoft, spent 1.5 hours talking to them; they were no help either.
    I sent a message to the bootcamp beta mail address informing them that it seems the drivers are not being downloaded with bootcamp.
    Thx again.

  • Infinity won't work wirelessly with Ubuntu OS

    I'm running Ubuntu Netbook Edition and upgraded my BT broadband to Infinity on 28.12.11, using the same HomeHub3 that worked perfectly well with the old Total service.
    It doesn't work, wirelessly. I can get an apparently strong connection, but it's agonisingly slow. At the same time, an ethernet connection works well. When I switch from one to the other and test the speed, I can watch the bandwidth fall away (i.e.: it isn't immediately disconnected.)
    Nobody at BT can or will help, telling me that Ubuntu is 'unsupported' (i.e.: it's my problem). I reported this problem to BT - ref: xxxxxx-xxxxxx - via its complaints form on 28.12.11, but have had no response.
    I've spent much time this past week on internet help forums. It transpires that BT has known about this issue with Ubuntu for six months, but has apparently done nothing about it and cannot suggest a solution.
    Suggested workarounds from other Ubuntu users involve manually reconfiguring one's connection, but my netbook won't allow me to apply the changed settings, or to change the router settings from N to G tech., but that only worked temporarily for me and, besides, my netbook is only a couple of years old.
    When I was sold Infinity, nobody mentioned that it doesn't work with Ubuntu. Frankly, I feel it was mis-sold as I intended to increase the bandwidth of my Total account and was persuaded to take Infinity on the grounds that it's a superior service for the same price. Not from where I sit, it isn't.
    The only solution I can see is to get BT to switch me back to their Total service, which suited me fine. I'm going to get their engineer to come back and uninstall Infinity. I will also complain to Ofcom, as this situation could easily have been avoided had the BT sales person told me that Infinity won't work wirelessly with Ubuntu.

    Firstly your negotiating skills with BT are far better than mine....
    "....Total account and was persuaded to take Infinity on the grounds that it's a superior service for the same price"
    I was on BT Total BB and had to pay an extra £2 pm for Infinity and then an extra £4.75pm uplift of the calls package to give me the same anytime calls I had previously.... And had to re-start another 18month contract!!! Ohhh well.
    Right onto the problem... Webby's suggestion of making sure you're on a clear or least used wireless channel is good advice.
    Here is the link to the free software http://www.metageek.net/products/inssider/
    Have a look at a demo,- http://www.youtube.com/watch?v=pf2kZCfYTxI
    To be honest I would move your HH3 from the Automatic setting to a fixed wireless channel as they seem to work better like that.
    If your Operating System won't work with Inssider I would then just try a different channel starting at 1 and work up... seeing how things go.
    Regarding setting your HH3 to wireless g, that is a very backward step as the most you'll get over that would be around 20Mbps depending on your distance from hub etc.
    Couple of pics comparing my speed test over wireless g and n in THIS POST.
    Another thing I would try is a wireless n USB adapter... just in case your m/c is only g 
    Links of how to identify what yours is and pictures of the difference in the "Network Sharing Centre".. 54Mbps being g and anything above is wireless n....
    Wireless n gives the best speed assuming your Infinity download IP is more than 20Mbps. Also wireless n signal is more robust penetrating walls etc.
    There are links to the type of wireless n adapters I use... Picture of one HERE, (Don't need the extender cable shown in that picture).
    wwwebber's post was very useful.-
    "I use Ubuntu on my laptop with BT Infinity & HH3 with no problems at all. BT is not at fault here - they do not support Ubuntu."
    Confirming Infinity and Ubuntu do work...
    You say ".....but my netbook won't allow me to apply the changed settings, or to change the router settings .... but that only worked temporarily for me......"
    As changing settings worked temporarily you must have been able to log into your HH3. 
    If you really can't log in can you borrow a friend's netbook running windows to get logged in perhaps?
    Log in,- http://bthomehub.home/html/home/home.html go to Advanced settings, wireless. and change Channel settings from Automatic to a channel number then click on Apply.
    I would place your laptop near to the HH3 and move the HH3 wireless channel to a clear channel or start at channel 1.
    Try to get a good wireless n speed..... example of mine 37Mbps  over http://www.speedtest.net/
    Then when you have a reasonable speed move your laptop away... you will notice a drop over distance that's normal.
    I am 20' away from my HH3 and get 37Mbps through a plasterboard wall.
    Regarding other routers people have used http://community.bt.com/t5/BT-Infinity/List-of-Routers-to-replace-Home-Hub-3/td-p/298203
    And see Ady's msg #21 and #25 in THIS THREAD.
    "I'll try the netbook in different locations over the w/e and hope from a solution from Ubuntu before remonstrating further with BT".
    Please let us know how you get on.
    PC (NDEGR)

  • Printer not connecting wirelessly with iMac

    MacBook Pro working on OSX 10.4.11 wirelessly with Epson PX710W. Tried to add iMac on OS X10.5.8 but failure to connect on every attempt after numerous sessions with Epson Support. Have repaired permissions having previously run verification of HD which was reported OK. Reset printer system and reinstalled drivers without success. Still receiving message job stopped on both computers. On setting up the sample page to print, when selecting the PX 710W printer or the other printer option, there is a quick flash. Then the MacBook will not print due to 'communication error'. But if the PX710W is turned off and then on again, the MacBook will print.
    Any help would be appreciated.

    Switch router to channel 1. Disable and remove all security on the router. Now try to connect to your unsecured SSID. Are you successful?
    I worked for HP but now I'm retired!

  • D-Link DIR-615 cannot access wirelessly with iPhone 3G

    I've added another router to my home to get better range in the far corners of the house. I added a D-Link DIR-615 hard wired to my first router. I can access this new router both by cable and wirelessly with my laptop, but not wirelessly with my iPhone.
    I've tried making the password all letters, (saw a post that said numbers don't work??) and even taking out the password and leaving it blank. The iPhone sees the router and identifies it by name. When I try connecting, after entering the password, it says "unable to connect to network". I can connect to my first router with the iPhone.
    Any suggestions? I'm using WEP for encryption, except when I tried it with no passwords! Thanks!

    A few ideas:
    Often the power on sequence is the determining factor in if/how DHCP will work. Especially when it comes to consumer-grade cable modems and routers. Try different power on sequences.
    Try to figure out if your cable modem is storing and enforcing the MAC address of one of your devices. Take the router out of the picture, attach your MBP, and see if it works. Then leave the modem on, unhook the MBP, and plug in a Windows laptop. If it doesn't work, then your modem wants/needs to only see one MAC address. If this is the case, look in your routers settings for "Spoof this computer's MAC Address" and you should be good to go.
    One trick I've used in the past is to assign an entirely new subnet for the router to hand out. For example if it used to give out 192.168.1.x, the new subnet would be set to 10.1.1.x. This forces every system to rebuild its caches. Too many times routers, controllers, OSes, apps, and even hardware like phones keep caches to help speed things up. It's not always obvious how to reset these. But by switching subnets you force every device to rebuild the caches.
    Good luck.

  • Steps to upgrade Cisco MDS core switch

    Hello,
    We wanted to upgrade our Cisco SAN core switch firmware. Currently we are running the firmware version below. We wanted to go to the latest version NX OS 5.2 (x) but as per the white paper I need to go to 5.0 (X) and after that I need to upgrade it to 5.2 (x). Can someone help me with the steps to follow for the upgrade? I have the cook book but just need the main steps to perform the upgrade.
    kickstart: version 4.1(1c)
      system:    version 4.1(1c)

    Are you using IVR non-NAT? If you are, you need to convert to IVR-NAT before you go to 5.2. Other than that you just follow the normal procedure: look at the release notes for each firmware to make sure your hardware is supported and then do the usual
    install all system bootflash:m9x00-xxx.bin kickstart bootflash:m9x00-xxx-kickstart-xx.bin
    As a side note, I know you don't mark people's replies to your questions as helpful/correct on EMC ECN... at least do it here to show your appreciation.
    @dynamoxxx

  • Difference between core switch types WS-C3750X-12S-S and N3K-C3524P-10G?

    Hello All,
    I am new to this domain and yet have to look after the setup of our datacenter for a new branch. Could any one of you provide difference between core switch types WS-C3750X-12S-S and N3K-C3524P-10G!
    Thanks in advance!!

    N3K-C3524P-10G
    24 fixed 1/10-Gbps SFP+ ports; upgradeable to 48 with a valid license
    Line-rate Layer 2 and Layer 3 throughput of up to 480 Gbps
    Compact 1RU form factor
    Dual redundant color-coded power supplies
    Four redundant color-coded fans

  • Intermittent wireless with Vista

    Hi
    Just wondering if anyone can help me please?
    Just installed BT Home hub 2.0 and I can pick up the wireless with no problems on my 1 laptop with XP but no such luck on the other laptop with Vista.  If our Sky is switched off at the wall it works but not when it is switched on yet the one with XP works constantly.
    Please not too complicated a response, I am not that au fait with all the technical terms and jargon :-)
    Thanks

    Have  you tried changing the wireless channel on your hub?
    go to hub home page - 192.168.1.254
    click on wireless
    channel selection may be on auto - change to another number.
    You may also want to download inSSIDer to see what networks are about. You may need to change the channel setting on the hub to move to a less congested one.
    Link to inSSIDer: http://www.metageek.net/products/inssider

  • Connecting core switch to the internet ?

    Hi,
    We have 2 6506's connected through an ether-channel trunk.
    On these 6506's we have configured a vlan, vlan interface and 2 access ports for 2 ASA's.
    These ASA's run in failover mode but only one ASA is physically connected at the moment.
    We want to be more resilient so our provider has provided us with a redundant setup of routers for our internet connection.
    However, for this construction they would need a layer 2 connection on our side to have HSRP running.
    There are 2 options in my opinion :
    - Buy a set of switches to facilitate the layer-2 connection between the routers and to connect the outside of the ASA's.
    - Instead of buying 2 new switches, create a new unrouted vlan on our core 6506's and use access-ports for the routers and the ASA's.
    But how safe is it to connect the core switch with an unrouted vlan to the internet router?
    In terms of vlan hopping or other possible attacks?
    I think I have to disable DTP, Spanning-Tree, CDP and maybe a lot more?

    I am as far as applying this to secure the port :
    switchport
    switchport mode access
    switchport access vlan X
    switchport nonegotiate
    spanning-tree bpdufilter enable
    spanning-tree portfast edge
    switchport port-security
    switchport port-security maximum 3
    switchport port-security violation restrict
    no cdp enable
    Any additions to this ?
