How to suppress CatOS port security changes (was Re: config fetcher problems - cisco 1760)

Nipper, Arnold arnold at nipper.de
Sat Aug 23 00:10:40 UTC 2003


On Saturday, August 23, 2003 1:57 AM, john heasley <heas at shrubbery.net>
wrote:
> Fri, Aug 15, 2003 at 06:08:02PM +0200, Nipper, Arnold:
>> John,
>>
>> thanks for the help. Actually I guess the patch provided by Anchi did the
>> trick. No complaints since. While we are at it ... We are running port
>> security on the CatOS switches and the actual MAC entries are stored in the
>> config files. As MACs are changing frequently we get a lot of mails with
>> just the MAC entries having changed. I would like to suppress changes for
>>
>>  - set port security 4/48 x-x-x-x-x-x
>>   set port security 4/48 y-y-y-y-y-y
>> + set port security 4/48 z-z-z-z-z-z
>>
>> Is there a simple trick to do so?
>
> I have never used this stuff.  If it learns these MACs completely dynamically,
> then cat5rancid should filter them.  From the docs, it seems that it is also
> possible to configure static MACs, which we should not filter.  What is the
> difference between the config syntax?

Actually configuration is done via

 set port security 3/1 enable age 10 maximum 1 shutdown 0 violation restrict

That means: allow 1 MAC address on port 3/1 and forget about it if there is
no traffic for 10 minutes. If you see traffic from another MAC, silently
ignore it. Hence MACs are learnt dynamically, which makes replacements much
easier. However, all MAC addresses currently known on port-security-enabled
ports show up as static entries in the config.


Arnold
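
One way to do the filtering discussed in this thread, as an added example that is not cat5rancid's code and not from either poster: since learned and static entries look the same in the config, it drops MAC entries only on ports whose enable line carries a non-zero `age`. That heuristic, the function names and the sample config are assumptions constructed for illustration.

```python
import re

# Constructed sample config, using the two line shapes shown in the thread.
SAMPLE = """\
set port security 3/1 enable age 10 maximum 1 shutdown 0 violation restrict
set port security 3/1 00-10-a4-00-00-01
set port security 4/48 enable age 0 maximum 2 shutdown 0 violation restrict
set port security 4/48 00-10-a4-00-00-02
set vlan 10 3/1
"""

# "set port security <mod/port> enable ... age <minutes> ..."
ENABLE = re.compile(r"^set port security (\d+/\d+) enable\b.*\bage (\d+)\b")
# "set port security <mod/port> <mac>" with a dash-separated MAC
MAC = re.compile(
    r"^set port security (\d+/\d+) ((?:[0-9a-fA-F]{2}-){5}[0-9a-fA-F]{2})\s*$"
)


def aging_ports(lines):
    """Ports whose enable line has a non-zero age (assumed: entries expire)."""
    ports = set()
    for line in lines:
        m = ENABLE.match(line.strip())
        if m and int(m.group(2)) > 0:
            ports.add(m.group(1))
    return ports


def filter_config(text):
    """Drop MAC entries on aging ports; keep every other line unchanged."""
    lines = text.splitlines()
    volatile = aging_ports(lines)
    kept = []
    for line in lines:
        m = MAC.match(line.strip())
        if m and m.group(1) in volatile:
            continue  # learned entry that will churn; keep it out of the diff
        kept.append(line)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    print(filter_config(SAMPLE), end="")
```

MAC entries on ports without aging stay in the output, so a change to an entry that does not expire still shows up in the diff mail.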




More information about the Rancid-discuss mailing list