One good practice for sysadmins is to know which user is connected to which switch right now, and where that user was connected before.
This is useful when you do not want to block MAC addresses from moving between ports or switches, but you do want to know when a user moves a device from one port to another or from one switch to another.
We can stop a user's PC, laptop or other device from moving between switch ports, and port security with a limit on the MAC addresses per port adds one layer of restriction. But port security only counts addresses per port: if we enable it on all ports of a switch with a maximum of 1 MAC address, a user who plugs a PC into a port that has not been used yet still gets onto the switch and the network without any problem. We can, however, configure the switches to record which port a user's MAC address was learned on and which port it was removed from, and that record is another useful layer for security analysis.
For this plan we need an SNMP trap receiver (an NMS) to collect the MAC address change traps the switches send; the switch emits these notifications as SNMP traps, not syslog messages, so if you want them in syslog, have the trap receiver forward them. In the end the users' MAC addresses are visible in the receiver's output.
It does not matter how many switches you have in your network; you just need to configure every switch whose MAC address changes you want logged to send its MAC address table changes to the trap receiver:
snmp-server host 18.104.22.168 traps private
Here 18.104.22.168 is the trap receiver and private is the SNMP community string; do not leave it at this well-known default in production, use a dedicated community string or SNMPv3.
Then we must enable MAC notification traps so they are sent via SNMP, with this command:
snmp-server enable traps mac-notification
Enable MAC address notification globally on the switch (on newer IOS releases the command is written mac address-table notification, without the hyphen):
mac-address-table notification
After that, we want the MAC changes sent to the NMS every 5 minutes:
mac-address-table notification interval 300
By default a Cisco switch sends the MAC notification trap every 1 second and the history buffer holds only 1 MAC address change, so once the interval is raised to 300 seconds we also need to enlarge the buffer (mac-address-table notification history-size, up to the platform maximum) so that the changes gathered during an interval are all kept and sent to the NMS in one trap.
At this point the general switch configuration is done. In the next step we configure the ports to say which type of MAC address change they report; there are two types, added and removed, and the commands go under each interface you want to watch (interface configuration mode):
snmp trap mac-notification added
snmp trap mac-notification removed
The switch configuration is now finished, and to be sure about it you can check a port's notification settings with this command:
show mac-address-table notification interface f0/1
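What the trap receiver has to do with these traps, as an added Python example that is not part of the original post: it unpacks the cmnHistMacChangedMsg varbind that the mac-notification trap carries (several records per trap once history-size is raised) and keeps a last-seen table per MAC, so a MAC learned on a different switch or port than last time is reported as a move, which is the "where is the user now and where was the user before" question the post opens with. Assumptions: the record layout (1-byte operation, 2-byte VLAN, 6-byte MAC, 2-byte dot1dBasePort) is taken from CISCO-MAC-NOTIFICATION-MIB as I read it, so verify it against your platform; the switch names and every payload byte are constructed here; the bytes are what a receiver such as snmptrapd hands over for that OCTET STRING varbind, and the receiver itself is not shown.

```python
"""Decode Cisco MAC-notification trap payloads and track MAC moves across switches."""
import struct
from typing import Dict, List, NamedTuple, Tuple

# Record layout of one change inside the cmnHistMacChangedMsg OCTET STRING,
# as assumed here from CISCO-MAC-NOTIFICATION-MIB (verify against your platform):
#   1 byte  operation      1 = added, 2 = removed, 0 = end of message
#   2 bytes VLAN id        big-endian
#   6 bytes MAC address
#   2 bytes dot1dBasePort  big-endian bridge port number (not ifIndex)
ENTRY = struct.Struct("!BH6sH")   # 11 bytes per record
OPS = {1: "added", 2: "removed"}


class MacChange(NamedTuple):
    op: str
    vlan: int
    mac: str
    port: int


def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def decode_changed_msg(payload: bytes) -> List[MacChange]:
    """Split one trap payload into its MAC change records.

    With history-size > 1 a single trap carries several records, which is
    why the buffer size matters once the interval is raised to 300 s.
    """
    changes: List[MacChange] = []
    for off in range(0, len(payload) - ENTRY.size + 1, ENTRY.size):
        op, vlan, mac, port = ENTRY.unpack_from(payload, off)
        if op == 0:            # end-of-message marker / zero padding
            break
        if op not in OPS:
            raise ValueError(f"unknown operation {op} at offset {off}")
        changes.append(MacChange(OPS[op], vlan, fmt_mac(mac), port))
    return changes


class MacTracker:
    """Remember where each MAC was last learned and flag moves between ports or switches."""

    def __init__(self) -> None:
        self.location: Dict[str, Tuple[str, int, int]] = {}   # mac -> (switch, vlan, port)

    def feed(self, switch: str, payload: bytes) -> List[str]:
        """Process one trap received from `switch`; return human-readable events."""
        events: List[str] = []
        for ch in decode_changed_msg(payload):
            if ch.op == "removed":
                # A removal alone is aging-out or an unplugged cable; keep the last
                # known location so a later 'added' elsewhere is reported as a move.
                events.append(f"{ch.mac} removed from {switch} port {ch.port} vlan {ch.vlan}")
                continue
            prev = self.location.get(ch.mac)
            self.location[ch.mac] = (switch, ch.vlan, ch.port)
            if prev is None:
                events.append(f"{ch.mac} first seen on {switch} port {ch.port} vlan {ch.vlan}")
            elif (prev[0], prev[2]) != (switch, ch.port):
                events.append(f"MOVE {ch.mac}: {prev[0]} port {prev[2]} -> {switch} port {ch.port}")
        return events


def build_record(op: int, vlan: int, mac: str, port: int) -> bytes:
    """Pack one record; only used to construct the sample payloads below."""
    return ENTRY.pack(op, vlan, bytes.fromhex(mac.replace(":", "")), port)


if __name__ == "__main__":
    # Constructed sample traps (not captured from a real switch): two hosts learned
    # on sw1, one removed, then the same MAC learned on sw2 -> reported as a move.
    tracker = MacTracker()
    trap1 = build_record(1, 10, "00:11:22:33:44:55", 3) + build_record(1, 10, "aa:bb:cc:dd:ee:ff", 7)
    trap2 = build_record(2, 10, "00:11:22:33:44:55", 3)
    trap3 = build_record(1, 10, "00:11:22:33:44:55", 12)
    for sw, payload in (("sw1", trap1), ("sw1", trap2), ("sw2", trap3)):
        for line in tracker.feed(sw, payload):
            print(line)
```

The port in each record is dot1dBasePort, the bridge port number; if you want "f0/1" style names in the report, map it to ifIndex and ifName through BRIDGE-MIB on the switch. The tracker deliberately does not forget a MAC on "removed", because the move you care about is the next "added" on another port or switch.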