Req: Please explain port security on an interface of a 2950 switch.

Answered Question
Nov 29th, 2009

Dear Experts,


Please explain to me the below-mentioned configuration that one of our customers has on a FastEthernet interface of their 2950 switch. Please explain what the lines in BOLD indicate and why they are configured.


interface FastEthernet0/2
 description ***Free Port ***
 switchport mode access
 switchport protected
 switchport port-security maximum 5  <--- what does this indicate?
 switchport port-security aging time 5  <--- what does this indicate?
 switchport port-security aging type inactivity  <--- what does this indicate?
 shutdown
 speed 100
 duplex full
 mvr type receiver  <--- what does this indicate?
 mvr immediate  <--- what does this indicate?
 storm-control broadcast level 5.00 2.00  <--- what does this indicate?
 storm-control multicast level 5.00 2.00  <--- what does this indicate?
 storm-control action trap  <--- what does this indicate?
 mac access-group Block-Invalid-Frames in
 no cdp enable
 spanning-tree portfast


I need this explained because I don't know it. I have many 2950 switches in my ISP, and I need to configure the above-mentioned configuration in bold.


Thanks in advance,


Vaib...

Correct Answer
Peter Paluch (Cisco Employee) Sun, 11/29/2009 - 01:12

Hello Vaib,


Before I explain the highlighted commands very briefly, I strongly urge you to read the Configuration Guides and Command References for 2950 series switches. All questions you have given here are related to elementary issues that are very well described in the official documentation.


Catalyst 2950 Configuration Guide:

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_22_ea11x/configuration/guide/scg.html


Catalyst 2950 Command Reference:

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_22_ea11x/command/reference/cr.html


  • switchport port-security maximum defines a maximal number of MAC addresses that can be learned on a secure port.
  • switchport port-security aging-time defines the count of minutes after which a learned secure MAC address can expire from the MAC address table. By default, the secure MAC addresses do not expire until the port is shut down or disconnected.
  • switchport port-security aging type inactivity defines that the secure MAC addresses will be expired on the basis of their activity, i.e. whether the sender with that particular MAC address has sent some frames at least aging-time minutes ago. The other method of aging is absolute, where the addresses are expired after aging-time minutes since they were first learned.
  • mvr type receiver and mvr immediate are related to the Multicast VLAN Registration, which is a somewhat larger topic, so please refer to the documentation.
  • storm-control commands define the rising and falling thresholds for the broadcast and multicast traffic in terms of bandwidth percentage of the interface. If the amount of respective traffic is above the rising threshold, the switch will block that traffic until it falls under the falling threshold.
  • storm-control action trap defines that whenever a storm control is active on a port, an SNMP trap will be generated.


I suggest you read the following sections from the Configuration Guide carefully:


Configuring Port-Based Traffic Control (Storm control, Port Security)

Configuring IGMP Snooping and MVR (Multicast VLAN Registration)


Best regards,

Peter
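
The difference between the two aging types in the answer above, as an added example that is not part of the original thread and is not Cisco code: a simplified Python model of a secure port with maximum 5 and aging time 5. The class and function names, the one-minute timer granularity and the traffic sample are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    """Simplified model of a port-security address table (assumption, not IOS code)."""
    maximum: int = 5                 # switchport port-security maximum 5
    aging_minutes: int = 5           # switchport port-security aging time 5
    aging_type: str = "inactivity"   # or "absolute"
    table: dict = field(default_factory=dict)  # mac -> [learned_at, last_seen]

    def _expire(self, now):
        # absolute ages from the minute the address was learned (index 0),
        # inactivity from the last frame seen from that address (index 1)
        idx = 1 if self.aging_type == "inactivity" else 0
        for mac in [m for m, t in self.table.items()
                    if now - t[idx] >= self.aging_minutes]:
            del self.table[mac]

    def frame(self, mac, now):
        """Handle a frame from `mac` at minute `now`: 'forward' or 'violation'."""
        self._expire(now)
        if mac in self.table:
            self.table[mac][1] = now
            return "forward"
        if len(self.table) >= self.maximum:
            return "violation"       # table full: the address is not learned
        self.table[mac] = [now, now]
        return "forward"


# Constructed traffic as (minute, source MAC): hosts A-E fill the table and
# stay active; host F is a sixth address trying to use the same port.
FRAMES = ([(0, m) for m in "ABCDE"] + [(1, "F")] +
          [(3, m) for m in "ABCDE"] + [(6, "F")])


def replay(aging_type, frames=FRAMES):
    """Feed the frames to a fresh port and return the result for each frame."""
    port = SecurePort(aging_type=aging_type)
    return [port.frame(mac, minute) for minute, mac in frames]


if __name__ == "__main__":
    for kind in ("inactivity", "absolute"):
        print(kind, "-> host F at minute 6:", replay(kind)[-1])
```

With inactivity aging, the five active hosts keep their slots and F is still rejected at minute 6; with absolute aging, all five entries age out five minutes after they were learned, so F takes a free slot.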

csawest.dc Sun, 11/29/2009 - 01:40

Dear Peter,


Thanks a lot for your great support,


Sorry for that bold mark, next time I will be more careful,


Have Cheers!!!


Vaib...
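
The rising and falling thresholds of `storm-control broadcast level 5.00 2.00` described in the accepted answer, as an added example that is not part of the original thread and is not Cisco code: a small Python model of the block/unblock behaviour. The function names, one sample per measuring interval, a trap raised when blocking starts, and the traffic levels are assumptions made for illustration.

```python
def storm_control(levels, rising=5.00, falling=2.00):
    """Replay per-interval traffic levels (% of port bandwidth).

    Returns (blocked, traps): blocked[i] is True while the traffic type is
    suppressed; traps lists the intervals in which suppression starts.
    """
    blocked, traps, active = [], [], False
    for i, level in enumerate(levels):
        if not active and level > rising:
            active = True
            traps.append(i)          # storm-control action trap
        elif active and level < falling:
            active = False           # traffic fell under the falling threshold
        blocked.append(active)
    return blocked, traps


def state_changes(blocked):
    """Count how often the port flips between forwarding and blocking."""
    return sum(a != b for a, b in zip([False] + blocked, blocked))


# Constructed broadcast levels hovering around the 5% rising threshold.
LEVELS = [1.0, 5.2, 4.9, 5.3, 4.7, 3.0, 1.5, 4.0, 5.5]

if __name__ == "__main__":
    for falling in (2.00, 5.00):     # 5.00 = no gap between the two thresholds
        blocked, traps = storm_control(LEVELS, rising=5.00, falling=falling)
        print(f"falling={falling:.2f} traps at {traps}, "
              f"{state_changes(blocked)} state changes")
```

With the configured 5.00/2.00 pair the port blocks once and stays blocked until the level drops under 2%; with both thresholds at 5.00 the same traffic makes the port flap and raises a trap each time.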
