We are trying to install port security within our data centers. The port-security config all looks straightforward enough, but we have come across one problem that I need help with.
Most servers these days connect to a logical core (2 Catalyst 6500s, for example) in failover (NFT) mode. I attempted to configure port-security by allowing both MACs down the respective ports in the hope that, if the primary NIC failed, the fact that both MACs are configured on both ports would allow failover to work.
However, it did not. I even tried using the sticky options, but unless a manual clear of the MAC table is done, failover doesn't occur.
I need a dynamic configuration that will allow for port-security yet maintain teamed NIC failover capability.
We thought that changing the MAC table flush period would assist, but this creates problems for multilayer switching for the entire network.
Does anyone have any experience or knowledge in how to configure port security for IOS & CatOS for servers using NIC teaming?
I think it is better to configure the Cisco IOS Firewall Intrusion Detection System (IDS). It acts as an in-line intrusion detection sensor, watching packets and sessions as they flow through the router, scanning each to match any of the IDS signatures. When it detects suspicious activity, it responds before network security can be compromised and logs the event through Cisco IOS syslog. The network administrator can configure the IDS system to choose the appropriate response to various threats. When packets in a session match a signature, the IDS system can be configured to:
Send an alarm to a syslog server or a Cisco NetRanger Director (centralized management interface)