One of the best practices for a sysadmin is to know which user is connected to which switch right now, and where that user was connected before.
This is useful when you don't want to block a MAC address from moving between ports or switches, but you do want to know when a user moves their device from one port to another or from one switch to another.
We can prevent a user's PC, laptop or any other device from moving between switch ports, and by limiting the number of MAC addresses per port we add another layer of restriction. But as we know, if we enable port security on, for example, all ports of a switch and set the maximum to 1 MAC address per port, a user who plugs their PC into a port that has not been used yet can still connect to the switch and the network without any problem. What we can do instead is configure the switches to record which MAC address was learned on which port and removed from which port; that gives us another useful layer for security analysis.
For this plan we need an SNMP server or syslog server to collect the MAC address logs it receives from the switches, so that in the end we can see the users' MAC addresses in the server output.
It doesn't matter how many switches you have in your company; you just need to configure all of them (or at least every switch whose MAC address changes you want logged) to send MAC address table changes to the SNMP/syslog server:
snmp-server host 220.127.116.11 traps private
Then we must enable MAC notifications to be sent via SNMP traps with this command:
snmp-server enable traps mac-notification
Enable MAC address notification on the switch, and then set the interval so that MAC changes are sent to the NMS every 5 minutes (300 seconds):
mac-address-table notification interval 300
As you know, by default Cisco switches send the SNMP trap every 1 second and the notification buffer holds only 1 MAC address, so we need to increase the MAC address history buffer size so that it can store more addresses and then send everything stored in the buffer to the NMS in one go.
At this point the general switch configuration is done. In the next step we configure the ports to send the type of MAC address change we want. In fact there are two types of MAC address change: added and removed. Under the interface configuration:
snmp trap mac-notification added
snmp trap mac-notification removed
Your switch configuration task is over. To be sure about your configuration you can verify it with this command:
show mac-address-table notification interface f0/1
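Once the NMS has collected the added/removed notifications, the analysis the post describes (where is this MAC now, and where was it before) is just a matter of replaying the events in order. The script below is an added example, not part of the original post; it assumes a simplified one-line-per-event record format (timestamp, switch, port, action, MAC) that the collector is assumed to have produced from the traps, and the sample records are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records (not real trap output). Assumed format:
#   <timestamp> <switch> <port> <added|removed> <mac>
SAMPLE_EVENTS = """\
2024-03-01T08:00:05 sw-floor1 Fa0/1 added 0011.2233.4455
2024-03-01T08:00:06 sw-floor1 Fa0/2 added 0011.2233.AABB
2024-03-01T09:15:00 sw-floor1 Fa0/1 removed 0011.2233.4455
2024-03-01T09:20:10 sw-floor2 Fa0/7 added 0011.2233.4455
2024-03-01T11:40:00 sw-floor2 Fa0/7 removed 0011.2233.4455
2024-03-01T11:41:30 sw-floor2 Fa0/7 added 0011.2233.4455
"""

def parse_events(text):
    """Turn the collector's text records into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, switch, port, action, mac = line.split()
        events.append({"ts": ts, "switch": switch, "port": port,
                       "action": action, "mac": mac.lower()})
    return events

def track_moves(events):
    """Replay 'added' events in time order.

    Returns (current, moves, history):
      current  - mac -> (switch, port) where it was last learned
      moves    - list of events where a MAC was learned somewhere other
                 than its previous location (port or switch change)
      history  - mac -> ordered list of (ts, switch, port) locations
    A MAC that is removed and re-learned on the same port is not a move.
    """
    current, moves = {}, []
    history = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["action"] != "added":
            continue
        loc = (ev["switch"], ev["port"])
        prev = current.get(ev["mac"])
        if prev is not None and prev != loc:
            moves.append({"mac": ev["mac"], "ts": ev["ts"],
                          "from": prev, "to": loc})
        current[ev["mac"]] = loc
        history[ev["mac"]].append((ev["ts"],) + loc)
    return current, moves, history

if __name__ == "__main__":
    current, moves, history = track_moves(parse_events(SAMPLE_EVENTS))
    for m in moves:
        print(f"{m['ts']} {m['mac']} moved {m['from']} -> {m['to']}")
```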