I have a system with couple of switches but none of them is DHCP enabled, all of my Hardware behind the switch have statically IP addresses assigned. Please keep in mind that some of my servers have Hyper-Visor enabled with VMs enabled in them, which they constantly change, in other words adding or deleting VMs.
I do not want to do DAI config on the switch (3560) I think this is too much work especially in huge environment.
I would appreciate if anyone has any good responses for switchport security configuration in a non DHCP environment, that has capabilities to change.
It was not clear exactly what you were looking to achieve through switchport security, but if you were just asking for general recommendations, then port-security may be helpful. It will assist in two scenarios:
1) Limit the maximum number of MAC addresses learned on a single interface (not so useful in a VM environment, unless you have a finite max value).
2) Prevent the same MAC address from being learned on another port (or rather flapping between multiple interfaces).
If you mean to prevent all communication except specific IP's, you could use IPSG for static hosts, normally IPSG relies on DHCP but the static version allows tracking based on ARP traffic, although you will need version 12.2(52)SE or later.
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...