Re: Native vlan - port security

From: Vibeesh S (vibselva@gmail.com)
Date: Sun Jul 27 2008 - 09:48:53 ART

• Next message: Vibeesh S: "Re: ACS with Aironet authentication"
• Previous message: stephen skinner: "Re: Tc value"
• Maybe in reply to: Vibeesh S: "Native vlan - port security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Thanks Joe !!

On Sun, Jul 27, 2008 at 5:18 PM, Joseph Brunner <joe@affirmedsystems.com>wrote:

> Oops to answer your last question;
>
> >In case an employee plugs in a switch in that port, in "dynamic auto" mode
> >will he have all access just like the other switches. If not how do we
> >secure it.
>
> Please refer to this doc;
>
>
> http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/1
> 2.2_20_se/configuration/guide/swvoip.html
>
> "When you enable port security on an interface that is also configured with
> a voice VLAN, you must set the maximum allowed secure addresses on the port
> to two plus the maximum number of secure addresses allowed on the access
> VLAN. When the port is connected to a Cisco IP phone, the IP phone requires
> up to two MAC addresses. The IP phone address is learned on the voice VLAN
> and might also be learned on the access VLAN. Connecting a PC to the IP
> phone requires additional MAC addresses."
>
> -Joe
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Vibeesh S
> Sent: Sunday, July 27, 2008 7:15 AM
> To: ccielab@groupstudy.com
> Subject: Native vlan - port security
>
> Hi Group,
>
> I have a doubt with regard to the port security when we configure native
> vlan.
>
> Switch ------------ IPphone ------- Pc
> TRUNK
>
> If I configure a port on my switch as an Trunk port that goes to an
> employees desk which connects an IP phone to which a Pc is connected.
> Now IP packets from the pc will reach the configured native vlan right ....
> while the voip pakets will remain in the ports vlan.
> In case an employee plugs in a switch in that port, in "dynamic auto" mode
> will he have all access just like the other switches. If not how do we
> secure it.
>
> I just want to know what will happen as I have not deployed such scenarios.
>
> Thanks,
> Vibs
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Vibeesh S: "Re: ACS with Aironet authentication"
• Previous message: stephen skinner: "Re: Tc value"
• Maybe in reply to: Vibeesh S: "Native vlan - port security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:57 ART