How to suppress CatOS port security changes (was Re: config fetcher problems - cisco 1760)
john heasley
heas at shrubbery.net
Sat Aug 23 18:25:54 UTC 2003
Sat, Aug 23, 2003 at 02:10:40AM +0200, Nipper, Arnold:
> >> - set port security 4/48 x-x-x-x-x-x
> >> set port security 4/48 y-y-y-y-y-y
> >> + set port security 4/48 z-z-z-z-z-z
> >>
> >> Is there a simple trick to do so?
> >
> > I have never used this stuff. If it learns these MACs completely dynamically,
> > then cat5rancid should filter them. from the docs, it seems that it is also
> > possible to configure static MACs, which we should not filter. what is the
> > difference between the config syntax?
>
> Actually configuration is done via
>
> set port security 3/1 enable age 10 maximum 1 shutdown 0 violation restrict
>
> That means: allow 1 MAC address on port 3/1 and forget about it if there is
> no traffic for 10 minutes. If you see traffic from another MAC silently
> ignore. Hence MACs are learnt dynamically which makes replacements much
> easier. Though all MAC addresses currently known on port-security-enabled
> ports show up as static entries in the config.

the following should filter them. please let me know if that works.
thanks!

Index: cat5rancid.in
===================================================================
RCS file: /home/rancid/.CVS/rancid/bin/cat5rancid.in,v
retrieving revision 1.29
diff -c -r1.29 cat5rancid.in
*** cat5rancid.in 23 Aug 2003 18:18:10 -0000 1.29
--- cat5rancid.in 23 Aug 2003 18:21:33 -0000
***************
*** 865,870 ****
--- 865,871 ----
next;
}
/fair-queue individual-limit/ && next;
+ /^ set port security \d+\/\d+ \S+-\S+\-/ && next;
# sort ip explicit-paths.
if (/^ip explicit-path name (\S+)/) {
my($key) = $1;
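
Review bot: The pattern on the added line, `\S+-\S+\-`, is looser than the MAC form it is meant to catch. It skips any `set port security <mod>/<port>` line whose next argument contains two hyphens, so it would be safer to require the full six-group address, for example `(?:[0-9a-f]{2}-){5}[0-9a-f]{2}` with the `i` flag, anchored to the end of the line. The trailing `\-` also escapes a hyphen that needs no escaping, unlike the one before it. As written the filter drops every per-port MAC entry, including ones an operator configured by hand, which the earlier message in this thread said should not be filtered. Since the reply says learned addresses appear as static entries and cannot be told apart, a comment above the line stating that trade-off, in the style of the `# sort ip explicit-paths.` comment below it, would tell later readers why changes to port-security MACs no longer appear in the diffs.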