Cisco Support Community
New Member

Port Security Configuration - NIC Teaming

We are trying to install port security within our data centers. The port-security config all looks straightforward enough, but we have come across one problem that I need help with.

Most servers these days connect to a logical core (2 Catalyst 6500s for example) in failover (NFT) mode. I attempted to configure port-security by allowing both MACs down the respective ports in the hope that if the primary NIC failed, the fact that both MACs are configured on both ports would allow failover to work.

However, it did not. I even tried using the sticky options, but unless a manual clear of the MAC table is done, failover doesn't occur.

I need a dynamic configuration that will allow for port-security yet maintain teamed NIC failover capability.

We thought that changing the MAC table flush period would assist, but this creates problems for multilayer switching for the entire network.

Does anyone have any experience or knowledge in how to configure port security for IOS & CatOS for servers using NIC teaming?


Re: Port Security Configuration - NIC Teaming

I think it is better to configure the Cisco IOS Firewall Intrusion Detection System (IDS). It acts as an in-line intrusion detection sensor, watching packets and sessions as they flow through the router, scanning each to match any of the IDS signatures. When it detects suspicious activity, it responds before network security can be compromised and logs the event through Cisco IOS syslog. The network administrator can configure the IDS system to choose the appropriate response to various threats. When packets in a session match a signature, the IDS system can be configured to:

Send an alarm to a syslog server or a Cisco NetRanger Director (centralized management interface)

Drop the packet

Reset the TCP connection
