09-20-2005 01:11 PM - edited 03-03-2019 12:06 AM
Hi all,
I've read the documentation, but found the explanations a bit vague. Could someone please explain the difference between these two?
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/12_1e/comref/s1.htm#wp1184020
Thanks.
09-20-2005 01:15 PM
The only difference is that security violation counters are incremented in restrict, while they are not incremented in protect.
So each time a violation occurs and you do a show port-security on that port.
Switch# show port-security interface fastethernet0/1
Port Security: Enabled
Port status: SecureUp
Violation mode: Shutdown
Maximum MAC Addresses :50
Total MAC Addresses: 11
Configured MAC Addresses: 0
Sticky MAC Addresses :11
Aging time: 20 mins
Aging type: Inactivity
SecureStatic address aging: Enabled
Security Violation count: 0
The counter above in bold will be incremented when restrict is configured, and will not increment if protect is configured.
Either way, the packets from the insecure hosts will be dropped if a violation occurs.
HTH
Sankar.
09-21-2005 09:47 PM
Clear!
Thanks Sankar..
09-21-2005 09:54 PM
Sankar... if I may, do you know what the point is of increasing the security violation count? IMHO, this is only a cosmetic difference. Is that correct?
Thanks,
Marcel
09-22-2005 07:04 AM
I think it's only used for statistics.
09-22-2005 07:23 AM
It also determines whether you can get a syslog message and SNMP trap for the event.
Kevin Dorrell
Luxembourg
09-22-2005 11:43 AM
OK.
I'll just stop thinking about it and store it in memory ;-)
Thanks for your replies, both.
Marcel
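Added example (not part of any post in this thread, and not Cisco code): a small Python check that parses the `show port-security interface` output quoted in the accepted answer and reports what the violation counter can and cannot tell you in each mode. The function names and the Protect/Restrict variants of the sample are constructed for illustration; treating Shutdown as a counted mode is an assumption beyond what the thread states.

```python
# Sample output as quoted in the thread (violation mode Shutdown, count 0).
SAMPLE_FROM_THREAD = """\
Switch# show port-security interface fastethernet0/1
Port Security: Enabled
Port status: SecureUp
Violation mode: Shutdown
Maximum MAC Addresses :50
Total MAC Addresses: 11
Configured MAC Addresses: 0
Sticky MAC Addresses :11
Aging time: 20 mins
Aging type: Inactivity
SecureStatic address aging: Enabled
Security Violation count: 0
"""

def parse_port_security(text):
    """Turn 'Key: value' / 'Key :value' lines into a dict with lower-cased keys."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields[key.strip().lower()] = value.strip()
    return fields

def audit(text):
    """Return a list of findings for one interface's port-security output."""
    f = parse_port_security(text)
    if f.get("port security", "").lower() != "enabled":
        return ["port security is not enabled"]
    mode = f.get("violation mode", "").lower()
    raw = f.get("security violation count", "")
    count = int(raw) if raw.isdigit() else None
    if mode == "protect":
        # Per the thread: frames are dropped but the counter never moves.
        return ["protect: counter is not incremented, so a count of "
                f"{raw or '?'} is not evidence that no violation occurred"]
    if mode in ("restrict", "shutdown"):  # shutdown: assumption, see lead-in
        return [f"{mode}: {count} violation(s) recorded"] if count else []
    return [f"unrecognised violation mode: {mode!r}"]

if __name__ == "__main__":
    # Constructed variants of the thread's sample, one per mode.
    protect = SAMPLE_FROM_THREAD.replace("mode: Shutdown", "mode: Protect")
    restrict = protect.replace("Protect", "Restrict").replace("count: 0", "count: 3")
    for label, text in (("thread", SAMPLE_FROM_THREAD), ("protect", protect), ("restrict", restrict)):
        print(label, audit(text))
```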