SG-500-28P How to configure switchport port-security violation setting

Is there a way to do switchport port-security violation {protect | restrict | shutdown} in SG-500-28P in case of a BPDU Guard violation?
Seems like the default option is shutdown and I don't know how to change it.
Thank you!

Hi,
you can recover from this violation by using the command below:
To enable automatic re-activation of an interface after an Err-Disable shutdown, use the errdisable recovery cause Global Configuration mode command. To disable automatic re-activation, use the no form of this command.
Syntax
errdisable recovery cause {all | port-security | dot1x-src-address | acl-deny | stp-bpdu-guard | loopback-detection | udld}
no errdisable recovery cause {all | port-security | dot1x-src-address | acl-deny | stp-bpdu-guard | loopback-detection | udld}
For more information, refer to page 406 of this URL:
http://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/Sx500/cli_guide/CLI_500.pdf
regards
Moorthy

Similar Messages

  • How to Configure SMTP Port in ODI

    Hi,
    Does someone know how to configure the SMTP port in the ODI tool? I tried changing the port number in the odiparams but I still encountered an error: "Could not connect to SMTP host." when executing the odisendmail package object, though I can access the SMTP server through tracetcp.
    TIA,
    Cathy

    950484 wrote:
    Hi Bhabani,
    Thanks for the quick response :) . I saw your post and it's a nice approach in sending mail instead of using an odi package object odisendmail. However, the requirement is not to use the gmail credentials but to use the credentials provided to us. But I noticed that the port used for the SMTP server is not the default port number which is 25. So I am guessing that the reason why I cannot connect to the SMTP host is because of the port number. Do you know how to solve this?

    If you want to change the SMTP port then do the following
    edit smtplib.py located at <ODI_HOME>/oracledi/lib/scripting/LIB
    change SMTP_PORT to whatever port you want.
    restart ODI
    execute your mail sending program

  • Switchport port-security on Routers ?

    Hi All,
    Wanting to restrict LAN ports on an 857 router to particular MAC addresses.
    But the router doesn't support the switchport command at all.
    So I tried on an 1800 series and though it does support "switchport", it doesn't support "switchport port-security".
    Is there a particular router model that does, or any other way around implementing a solution where if a rogue device plugs into the router the port shuts down?
    thanks,
    Ivan

    Hi,
    Switchport port-security as the name implies is to be configured on switchport. VLAN interface on the switch is a routed interface and hence, you can't apply any switchport configuration on it and that includes, port security.
    HTH
    Sundar

  • Switchport port-security maximum

    I have a 4510R switch, ((cat4500e-UNIVERSALK9-M), Version 03.05.02.E RELEASE SOFTWARE (fc1)).
    I'm configuring the port-security maximum using the following commands:
    switchport port-security maximum 1 vlan access
    switchport port-security maximum 1 vlan voice
    I don't know why sometimes this works and sometimes it does not.
    To solve the issue I had to use the three commands:
    switchport port-security maximum 2
    switchport port-security maximum 1 vlan access
    switchport port-security maximum 1 vlan voice
    The documentation does not say anything about whether I have to use the three commands together.

    Hi,
    This is an excerpt from the Configuration Guide for your box and IOS-XE release:
    Each VLAN can be configured with a maximum count that is greater than the value configured on the port. Also, the sum of the maximum configured values for all the VLANs can exceed the maximum configured for the port. In either of these situations, the number of MAC addresses secured on each VLAN is limited to the lesser of the VLAN configuration maximum and the port configuration maximum. Also, the number of addresses secured on the port across all VLANs cannot exceed a maximum that is configured on the port.
    The default "switchport port-security maximum" value for the port is "1". So unless you change this value to "2" your port can sense max. 1 MAC address in either vlan "access" or "voice" ONLY without triggering violation. This means that the total maximum number of MAC addresses allowed  per all configured vlans per port equals ONE at the default only.
    I hope my English makes sense.
    Best regards,
    Antonin
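
The rule quoted from the Configuration Guide in the reply above can be checked with a small model. This is an added example, not Cisco's implementation and not part of the original posts: the function name, the MAC addresses and the simplification (no aging, no sticky or static entries) are assumptions made for illustration.

```python
def learn(port_max, vlan_max, frames):
    """Apply the quoted rule to a sequence of (mac, vlan) frames.

    port_max : value of "switchport port-security maximum N" on the port
    vlan_max : per-VLAN maxima, e.g. {"access": 1, "voice": 1}
    Returns (secured, violations). secured is a list of (mac, vlan) pairs,
    violations is a list of (mac, vlan, limit_hit).
    """
    secured = []
    violations = []
    for mac, vlan in frames:
        if (mac, vlan) in secured:
            continue  # address already secured on this VLAN
        # Per-VLAN limit is the lesser of the VLAN maximum and the port maximum.
        vlan_limit = min(vlan_max.get(vlan, port_max), port_max)
        in_vlan = sum(1 for _, v in secured if v == vlan)
        if len(secured) >= port_max:
            # Addresses across all VLANs cannot exceed the port maximum.
            violations.append((mac, vlan, "port maximum"))
        elif in_vlan >= vlan_limit:
            violations.append((mac, vlan, "vlan maximum"))
        else:
            secured.append((mac, vlan))
    return secured, violations


# Constructed sample traffic: an IP phone on the voice VLAN with a PC behind it.
PHONE = ("0000.5e00.5301", "voice")
PC = ("0000.5e00.5302", "access")
SECOND_PC = ("0000.5e00.5303", "access")
PER_VLAN = {"access": 1, "voice": 1}

if __name__ == "__main__":
    # Port maximum left at the default of 1, then raised to 2 and 3.
    for port_max, frames in ((1, [PHONE, PC]),
                             (2, [PHONE, PC]),
                             (3, [PHONE, PC, SECOND_PC])):
        secured, violations = learn(port_max, PER_VLAN, frames)
        print(f"port maximum {port_max}: secured={secured} violations={violations}")
```

With the port maximum at 1 the second device is rejected by the port-wide limit even though its own VLAN still has room, which matches the behaviour described in the question.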

  • [switchport port-security mac ] on [interface VLAN n?]

    Hello,
    Has anyone tried to use the command [switchport port-security mac-address n?] on [interface VLAN n?] ? (for example in a 2950).
    I don't have the material to make that test, and I am not sure if it works or not.
    Many thanks!

    Hi,
    Switchport port-security as the name implies is to be configured on switchport. VLAN interface on the switch is a routed interface and hence, you can't apply any switchport configuration on it and that includes, port security.
    HTH
    Sundar

  • SCOM 2012 SP1 Cisco Port Security Violations

    Hello,
    I'm fairly new to System Center but have been learning quite a bit over the last year. I am looking for some information on how to generate an alert off of a port-security violation. There's not much information about this so I'm wondering if anyone out there has experience doing this.
    Also, we run a fairly large Cisco environment (20000+ switchports), so my next question is, do I have to be monitoring every switchport to see a port-sec event happen? I've run some debug snmp packets on my Cisco devices, and I do see the SNMP trap sent for the port-security violation.
    The universal device poller that I set up for this is: OID 1.3.6.1.4.1.9.9.315.1.2.1.1.2 or the MIB CISCO-PORT-SECURITY-MIB:cpsIfPortSecurityStatus, so I'm pretty confident that I've got the right data. I'm just looking for a way to see these events happen without having to monitor every single switchport on my network, and whether the alert will tell me which switch and which port had the violation.
    Any help is always appreciated.

    Hi,
    I have to say that I don't have experience doing this, but in my opinion, if there are log files with that information, we can use SCOM to monitor the log file and fire alerts according to your requirements.
    Based on my research, the output of the port-security debug may have information about which switch and which port had the violation. (I am not familiar with Cisco devices; if there is any misunderstanding, please feel free to let me know.)
    Regards,
    Yan Li

  • Port-Security violation

    Hi all,
    I'm sending syslog messages from some access switches to CiscoWorks's syslog server. CiscoWorks is installed on a Windows 2003 machine.
    I can see %PORT_SECURITY-2-PSECURE_VIOLATION messages in the syslog.log file (located in C:\Program Files\CSCOpx\log\),
    but the messages do no appear in the RME \ Syslog Analyzer Severity Level Summary Report.
    Are there some variables/options that I must set/check in order to get the port-security violation (severity=2) messages included in the report?
    Thanks for any hints!

    Hello
    The same also happened to me with a network point: I set the MAC as drop and so far the port has not been blocked:
    WS-C2960X-48FPD-L  15.0(2)EX5            C2960X-UNIVERSALK9-M
    mac address-table static 7e77.3777.5776 vlan xx drop
    mac address-table static 7e77.377a.57d6 vlan xx drop
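
Both this thread and the SCOM thread above ask how to see which switch and which port had a violation without polling every switchport. One way is to parse the syslog stream, shown here as an added example that is not part of the original posts. The collector line layout (`<switch> <timestamp>: %FACILITY-SEV-MNEMONIC: text`), the switch names, the MAC address and all sample lines are constructed assumptions; only the first `%PM-4-ERR_DISABLE` message body is taken from the 802.1X thread on this page.

```python
import re

# Assumed collector layout: "<switch> <timestamp>: %FACILITY-SEV-MNEMONIC: text"
LINE_RE = re.compile(
    r"^(?P<switch>\S+)\s+(?P<ts>.+?):\s+"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<sev>\d)-(?P<mnemonic>[A-Z0-9_]+):\s+(?P<text>.*)$"
)
PSECURE_RE = re.compile(
    r"caused by MAC address (?P<mac>[0-9A-Fa-f.]+) on port (?P<port>\S+?)\.?$"
)
ERRDIS_RE = re.compile(r"(?P<cause>\S+) error detected on (?P<port>[^,\s]+)")
SHORT = {"Gi": "GigabitEthernet", "Fa": "FastEthernet", "Te": "TenGigabitEthernet"}


def normalize_port(name):
    """Expand Gi1/0/1 to GigabitEthernet1/0/1 so both message types group together."""
    m = re.match(r"^(Gi|Fa|Te)(?=\d)", name)
    return SHORT[m.group(1)] + name[m.end():] if m else name


def parse_event(line):
    """Return a dict for a violation or err-disable line, None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    tag = m["facility"] + "-" + m["mnemonic"]
    if tag == "PORT_SECURITY-PSECURE_VIOLATION":
        d = PSECURE_RE.search(m["text"])
        if d:
            return {"switch": m["switch"], "port": normalize_port(d["port"]),
                    "cause": "psecure-violation", "mac": d["mac"].lower(),
                    "err_disabled": False}
    elif tag == "PM-ERR_DISABLE":
        d = ERRDIS_RE.search(m["text"])
        if d:
            return {"switch": m["switch"], "port": normalize_port(d["port"]),
                    "cause": d["cause"], "mac": None, "err_disabled": True}
    return None


def violations_by_port(lines):
    """Group events by (switch, port) so one alert names the exact switchport."""
    ports = {}
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        entry = ports.setdefault((ev["switch"], ev["port"]),
                                 {"causes": set(), "macs": set(), "err_disabled": False})
        entry["causes"].add(ev["cause"])
        if ev["mac"]:
            entry["macs"].add(ev["mac"])
        entry["err_disabled"] = entry["err_disabled"] or ev["err_disabled"]
    return ports


# Constructed sample lines (hostnames, times and MAC are made up).
SAMPLE = [
    "sw-acc-01 Feb  4 19:16:16.645: %PM-4-ERR_DISABLE: security-violation error detected on Gi1/0/1, putting Gi1/0/1 in err-disable state",
    "sw-acc-01 Feb  4 19:16:17.651: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to down",
    "sw-acc-02 Feb  4 19:20:01.102: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4455 on port GigabitEthernet1/0/7.",
    "sw-acc-02 Feb  4 19:20:01.110: %PM-4-ERR_DISABLE: psecure-violation error detected on Gi1/0/7, putting Gi1/0/7 in err-disable state",
    "sw-acc-03 Feb  4 19:25:40.009: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/3, putting Fa0/3 in err-disable state",
]

if __name__ == "__main__":
    for (switch, port), info in sorted(violations_by_port(SAMPLE).items()):
        print(switch, port, sorted(info["causes"]), sorted(info["macs"]), info["err_disabled"])
```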

  • How to configure a port channel with VLAN trunking (and make it work..)

    We're trying to configure a port channel group with trunked ports to connect a NetApp HA pair. We want to create two data LIFs and connect them to the switch stack.  We are trying to create 2 data lifs, one for cifs and one for nfs that are on different vlans.
    We want the same ports to be able to allow multiple vlans to communicate. (trunked)
    These data lifs should be able to fail over to different nodes in the HA pair and still be able to communicate on the network.
    What this means is that we have to connect 4 ports each for each node in the NetApp HA Pair to the switches and create a port channel of some type that allows for trunked vlans. When we configure the ports, the configuration is as follows (below):
    We are only able to configure an IP on one of the vlans.
    When we configure an IP from another vlan for the data lif, it does not respond to a ping.
    Does anyone have any idea what I'm doing wrong on the Cisco switch?
    interface GigabitEthernet4/0/12
    description Netapp2-e0a
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 10,20,511,519
    channel-protocol lacp
    channel-group 20 mode active
    end
    interface GigabitEthernet4/0/13
    description Netapp2-e0c
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 10,20,511,519
    channel-protocol lacp
    channel-group 20 mode active
    end
    interface GigabitEthernet6/0/12
    description Netapp2-e0b
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 10,20,511,519
    channel-protocol lacp
    channel-group 20 mode active
    end
    interface GigabitEthernet6/0/13
    description Netapp2-e0d
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 10,20,511,519
    channel-protocol lacp
    channel-group 20 mode active
    end
    interface Port-channel20
    description Netapp2-NFS
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 10,20,511,519
    spanning-tree portfast
    spanning-tree bpduguard enable
    end

    Our problem was fixed by the storage people.  They changed the server end to trunk, and the encapsulation / etherchannel.
    I like all the suggestions, and they probably helped out with the configuration getting this to work.
    Thanks!
    interface Port-channel20
    description Netapp2-NFS
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 10,20,511,519
    switchport mode trunk
    interface GigabitEthernet4/0/12
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 10,20,511,519
    switchport mode trunk
    channel-protocol lacp
    channel-group 20 mode active
    interface GigabitEthernet4/0/13
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 10,20,511,519
    switchport mode trunk
    channel-protocol lacp
    channel-group 20 mode active
    interface GigabitEthernet6/0/12
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 10,20,511,519
    switchport mode trunk
    channel-protocol lacp
    channel-group 20 mode active
    interface GigabitEthernet6/0/13
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 10,20,511,519
    switchport mode trunk
    channel-protocol lacp
    channel-group 20 mode active

  • NAC and switchport port-security

    Dear Friends,
    I have NAC working on Out-Of-Band Virtual Gateway.
    When I enable Port Security on the CAM, it doesn't work very well.
    I need to allow two MAC addresses per interface, one workstation and one phone.
    The first user is authenticated and placed in the correct VLAN according to the group. Total MAC Addresses increases for the workstation and the phone correctly.
    Switch#sh port-security interface gigabitEthernet 1/24
    Port Security                          : Enabled
    Port Status                            : Secure-up
    Violation Mode                       : Shutdown
    Aging Time                            : 0 mins
    Aging Type                            : Absolute
    SecureStatic Address Aging   : Disabled
    Maximum MAC Addresses     : 2
    Total MAC Addresses            : 2
    Configured MAC Addresses    : 0
    Sticky MAC Addresses          : 0
    Last Source Address:Vlan      : fcfb.fbca.2c65:89
    Security Violation Count         : 0
    After that, if I:
    - change the user
    - bounce the interface
    - plug another workstation into the interface
    Nothing happens, and the port remains on the Access VLAN.
    Does somebody know how I can fix this problem?
    Regards

    Could you please elaborate on your question? I don't understand what's exactly the problem.

  • How to configure Symantec Mail Security for SMTP & Messaging Server 6.3

    Hi!
    I want to install a Symantec Mail Security for SMTP 5.0.1(host1) with Messaging Server 6.3 (in production - host2), but when I try to access to POP protocol to send a message from Internet, the system display a message with a relay problem.
    - Could you help me with this issue?,
    - Do you know some documentation that speaks of this?. I can't find any documentation that explain how to configure and integrate SMS and Messaging Server. Thanks in advance.
    Regards, CR

    ctemp1 wrote:
    I want to install a Symantec Mail Security for SMTP 5.0.1(host1) with Messaging Server 6.3 (in production - host2), but when I try to access to POP protocol to send a message from Internet, the system display a message with a relay problem.

    I take it that you have configured the symantec software like this?
    internet -> symantec mail security system -> sun messaging server -> recipient
    A better approach is the following
    internet -> sun messaging server -> recipient
                              |
                              V
                  symantec mail security system
    (refer here: http://blogs.sun.com/factotum/entry/messaging_server_correctly_deploying_the)

    - Do you know some documentation that speaks of this?. I can't find any documentation that explain how to configure and integrate SMS and Messaging Server. Thanks in advance.

    There is no documentation specifically for symantec software but we do document how to send emails via the symantec mail security server using the aliasdetourhost channel keyword:
    http://docs.sun.com/app/docs/doc/819-4428/6n6j42615?a=view#bgaqy
    Regards,
    Shane.

  • 802.1X Port Based Authentication - IP Phone- MDA - Port Security Violation

    I have configured 802.1X authentication on selected ports of a Cisco Catalyst 2960S with Microsoft NPS RADIUS authentication on a test LAN. I have tested the authentication with a Windows XP laptop, a Windows 7 laptop with 802.1X EAP-TLS authentication and a Mitel 5330 IP Phone using EAP-MD5 authentication. All the above devices work with the MS NPS server. However, in MDA mode, when the 802.1X-compliant Windows 7 laptop is connected to the already authenticated Mitel IP Phone, the port experiences a security violation and goes into error disable mode.
    Feb  4 19:16:16.571: %AUTHMGR-5-START: Starting 'dot1x' for client (24b6.fdfa.749b) on Interface Gi1/0/1 AuditSessionID AC10A0FE0000002F000D3CED
    Feb  4 19:16:16.645: %DOT1X-5-SUCCESS: Authentication successful for client (24b6.fdfa.749b) on Interface Gi1/0/1 AuditSessionID AC10A0FE0000002F000D3CED
    Feb  4 19:16:16.645: %PM-4-ERR_DISABLE: security-violation error detected on Gi1/0/1, putting Gi1/0/1 in err-disable state
    Feb  4 19:16:17.651: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to down
    Feb  4 19:16:18.658: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to down
    If the port config is changed to "authentication host-mode multi-auth" and the laptop is connected to the phone, the port does not experience the security violation but the 802.1X authentication for the laptop fails.
    The ports Gi1/0/1 & Gi1/0/2 are configured thus:
    interface GigabitEthernet1/0/1
    switchport mode access
    switchport voice vlan 20
    authentication event fail action authorize vlan 4
    authentication event no-response action authorize vlan 4
    authentication event server alive action reinitialize
    authentication host-mode multi-domain
    authentication order dot1x mab
    authentication priority dot1x mab
    authentication port-control auto
    mab
    mls qos trust cos
    dot1x pae authenticator
    spanning-tree portfast
    sh ver
    Switch Ports Model              SW Version            SW Image
    *    1 52    WS-C2960S-48FPS-L  15.2(1)E1             C2960S-UNIVERSALK9-M
    Full config attached. Assistance will be greatly appreciated.
    Donfrico

    I am currently trying to get 802.1X port authentication working on a Cat3550 against Win2003 IAS but the IAS log shows an invalid message-authenticator error. The 3550 just shows failed. When I authenticate against Cisco ACS (by simply changing the radius-server) it works perfectly.
    However, I am successfully using IAS to authenticate WPA users on AP1210s so RADIUS appears to be working OK.
    Are there special attributes that need to be configured on the switch or IAS?

  • Difference between protect/restrict port security violation action?

    Hi all,
    I've read the documentation, but found the explanations a bit vague. Could someone please explain the difference between these two?
    http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/12_1e/comref/s1.htm#wp1184020
    Thanks.

    The only difference is that security violation counters are incremented in restrict, while they are not incremented in protect.
    So each time a violation occurs and you do a show port-security on that port.
    Switch# show port-security interface fastethernet0/1
    Port Security: Enabled
    Port status: SecureUp
    Violation mode: Shutdown
    Maximum MAC Addresses :50
    Total MAC Addresses: 11
    Configured MAC Addresses: 0
    Sticky MAC Addresses :11
    Aging time: 20 mins
    Aging type: Inactivity
    SecureStatic address aging: Enabled
    Security Violation count: 0
    The counter above in bold will be incremented when restrict is configured, and will not be incremented if protect is configured.
    Either way, the packets from the insecure hosts will be dropped if a violation occurs.
    HTH
    Sankar.

  • How do i recover a security trust setting password?

    I don't know what happened but the password for my computer security trust setting is not working now. How can I change the password?

    Mac OSX version? Mac model?

  • How i configure various ports in the same service in a CSS.

    Hi,
    I have the following scenario:
    2 webservers, each one running ports 80,81,82,83,84
    and I have a content rule defined on port 80.
    In the end I want all the requests that come to the VIP port 80 to be balanced across the 2 webservers on the different ports (80,81,82,83,84).
    Note: I have configured a range of ports in the same service but this doesn't work:
    service PS
    ip address 10.0.0.5
    protocol tcp
    port 80 range 5
    keepalive type http
    keepalive method get
    active
    What can i do?
    gfiguereo.

    Hi,
    The only thing that comes to mind is to have a service defined for each tcp port. So since you have 2 physical servers and 5 different ports for each, you would have 10 services.
    service PS1
    ip address 10.0.0.5
    port 80
    service PS2
    ip address 10.0.0.5
    port 81
    then another 3 that look like this one, only using ports 82,83,84
    then another 5 like the above 5, only the IP address would be different.
    Then you would have 10 services added to your port 80 content rule.
    Regards
    Pete..
