Hi, I'm implementing a 3rd party NAC solution and integrating with some C3560 switches.
Switches currently have port-security configured, with max 2, sticky MACs set per port.
3rd party NAC uses SNMP MAC notification traps to detect when new device has been connected. At the moment, this needs to run alongside existing port-security. I've not noticed this before, but when a port with port-security comes up, all defined secure MACs are put in the mac address table for that port (even if they are not all connected).
Is this correct? Only this is causing issues with 3rd party product as it is detecting additional devices as being live when they are not.
Port-security will eventually be disabled, but is required whilst NAC solution is being evaluated/configured.
Lastly, I have found switches running c3560-ipbasek9-mz.122-25.SEB4.bin and the SNMP trap is inconsistent when port-security is enabled (ie the trap is not sent) - although it does appear to work correctly (so far) in c3560-ipbasek9-mz.122-55.SE9.bin, presumbaly the mac notication traps and port-security are supported together?
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.