Hi,

2016-12-15 17:06 GMT+01:00 Cuttler, Brian R (HEALTH) <
brian.cutt...@health.ny.gov>:
>
>
>
> I think I want the entry to remain dynamic, I want to prevent the entry
> from getting written into the config file when I “wr mem”, if I still
> have sticky mac addresses and write mem, don’t the entries get written into
> the boot file, so aging will not occur?
>

The entry is still written to the running config, there is no way to
prevent this (if you make a wr, the running config is just written to the
boot file).
If you enable aging, the dynamically learned MAC address is removed from your
config after the configured time.

>
>
> If I read this right (questionable) then rather than sticky secure I want
> dynamic secure, but those keywords don’t actually exist in the switch
> config. So I am looking to find out if the approach is valid from a PF view
> and how exactly to implement on the individual switches/interfaces.
>

If you remove the sticky option, the dynamically learned MAC address is never
written to the running-config and of course it's never written to the
memory.

Like Tim said, it's much better to use RADIUS ;)



2016-12-15 0:39 GMT+01:00 Tim DeNike <tim.den...@mcc.edu>:

> Use RADIUS. Way better!
>
> That would be the best way ;)



>
> *From:* Tobias Friede [mailto:t.fri...@gmail.com]
> *Sent:* Wednesday, December 14, 2016 4:02 PM
> *To:* packetfence-users@lists.sourceforge.net
> *Subject:* Re: [PacketFence-users] packetfence and cisco switches
>
>
>
>
> Hi,
>
>
>
> I think that's not possible because Port Security creates a static entry
> in the Mac Table of the switch.
>
> That's how port security works ;)
>
>
>
> You could enable aging. That means if the client is inactive, the MAC
> address is removed from the switch port (after a specific time)
>
>
>
> => http://packetlife.net/blog/2010/may/3/port-security/
>
>
>
>
>
> Greetings
>
> Tobias
>
>
>
>
>
> 2016-12-14 19:57 GMT+01:00 Cuttler, Brian R (HEALTH) <
> brian.cutt...@health.ny.gov>:
>
> Packetfence users,
>
> We are using PF 5.0.2 and have a variety of Cisco switches in place.
>
> We have the access ports (vs trunk ports) configured with “sticky mac”
> addresses, and find (as per documentation) that when we make any changes to
> the switch config and save those changes “write memory” that the dynamic
> addresses of the end point devices get written into the switch boot config
> file.
>
> Typical changes we’d want to save are things like adding vlans to the
> trunk, adding a port description for a special end point device, adding a
> new vlan to the switch, etc.
>
> The problem we are seeing is that if a device (typical PC or printer) is
> moved to another port on the switch, then the MAC address of the device
> which is “dynamic” on the port, conflicts with the now static address on
> the old port.
>
> I am going to see if configuring a test switch with “dynamic secure”
> rather than “sticky secure”, I think just a matter of unsetting “sticky”
> for the interface.
>
> Does anyone have any experience with this?
>
> How do you prevent the learned MAC addresses from getting written into the
> config file?
>
> Thank you,
>
> Brian
>
>
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
>
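Added example, not part of the original thread: a small audit that reads a saved Cisco IOS config, lists the sticky MAC addresses that were written into it, and shows which old port still pins a device that has moved. The sample config, the function names and the MAC values are constructed for illustration.

```python
import re

# Constructed sample of a saved switch config (not taken from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0011.2233.4455
!
interface GigabitEthernet0/2
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 00aa.bbcc.ddee
!
interface GigabitEthernet0/3
 switchport port-security
 switchport port-security aging time 5
 switchport port-security aging type inactivity
!
"""

# A learned sticky address is saved as "... mac-address sticky <mac>";
# the bare "... mac-address sticky" line only enables the feature.
STICKY_MAC = re.compile(
    r"^\s*switchport port-security mac-address sticky "
    r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})", re.I)

def norm(mac):
    """Reduce any MAC notation (dotted, colon, dash) to 12 hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def persisted_sticky_macs(config_text):
    """Map interface name -> sticky MACs saved under that interface."""
    found, current = {}, None
    for line in config_text.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
        else:
            m = STICKY_MAC.match(line)
            if current and m:
                found.setdefault(current, []).append(m.group(1).lower())
    return found

def old_ports_pinning(per_port, mac, new_port):
    """Ports other than new_port whose saved config still holds this MAC."""
    return sorted(port for port, macs in per_port.items()
                  if port != new_port and norm(mac) in map(norm, macs))

if __name__ == "__main__":
    saved = persisted_sticky_macs(SAMPLE_CONFIG)
    print(saved)
    print(old_ports_pinning(saved, "00:11:22:33:44:55", "GigabitEthernet0/3"))
```
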