[c-nsp] Alternatives for port-security in a L2 host redundancy environment
Andrew Miehs
andrew at 2sheds.de
Fri Apr 29 07:32:32 EDT 2011
On Fri, Apr 29, 2011 at 12:02 PM, Phil Mayers <p.mayers at imperial.ac.uk>wrote:
> On 04/28/2011 06:48 PM, Peter Rathlev wrote:
>
> I'm not deeply familiar with audits like these, but if they're seriously
>> asking for port-security on infrastructure ports they have IMHO
>> misunderstood something. User facing ports: yes maybe. Infrastructure
>> ports: no.
>>
>
> Sadly, in my experience a complete lack of understanding on the auditors
> part does not necessarily reduce their power to compel you. You need really
> good, words-of-one-syllable explanations to convince them why you can't do
> something. And even that may not help :o(
You may be able to use something like this with maximum
interface GigabitEthernet2/22
description PortDesc
switchport
switchport access vlan 2
switchport mode access
switchport port-security
switchport port-security maximum 8
switchport port-security aging time 5
switchport port-security aging type inactivity
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
!
Regards
Andrew
More information about the cisco-nsp
mailing list