Date: Thu, 4 Oct 2007 09:20:11 -0400
So, yes. You need the feature. :-)
I would roll with a 5-minute timer. They'll never get more than 4
simultaneous devices going, and that's what you state you're trying to
prevent. It's not elegant, but neither is trying to keep tabs of every
MAC they have.
-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto:[log in to unmask]] On Behalf Of Greg Fuller
Sent: Thursday, October 04, 2007 8:54 AM
To: [log in to unmask]
Subject: Re: Edge Switch Interface Configs - Aging?
We charge a per network device connection fee for each device a student
wants to connect. One charge is added by default to each res hall
student's bill, then they have to pay after that. I picked 4 MACs as a
starting point as students rarely have more than a computer and an Xbox.

In our previous registration system we were using VMPS on all
switchports, which only allows 25 MAC addresses on a port before it
err-disables the port. That saved us a bunch of times for those clients'
NICs that went bad or something running on their machine that would
generate MAC address floods to the network. After seeing 25 MACs on a
port it would err-disable the port and the student would have to call the
HelpDesk, and we would fix their computer (or tell them to buy a new NIC)
if we saw the port was err-disabled because of a VMPS error.

We've also had problems in the past with students configuring a static IP
on their machine. Just yesterday we had a call to the HelpDesk where
someone was setting a static IP on their machine because they thought it
would speed up their music/movie/etc. downloads. Several people on this
person's floor did the same thing. IP Source Guard on the switch caught it
and blocked traffic from that MAC address. IPSG needs to be used in
combination with DHCP Snooping so there is a MAC<->IP binding table that
IPSG uses to determine if you're using a static IP.
--greg
On Wed, 3 Oct 2007 16:19:55 -0400, King, Michael <[log in to unmask]>
wrote:
>I guess my question is:
>
>What is the value of port-security in a residence hall environment?
>Does your local policy prevent students from having more than 4
>computers in a single room?
>
>It's my understanding of Port-security that it only allows X number of
>MACs to be allowed on a port.
>
>You might not need the feature that is causing you the problem.
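
The following is an added example, not part of the original thread: one way the settings discussed above (a 4-MAC port-security limit with a 5-minute aging timer, plus IP Source Guard backed by DHCP snooping) could look on a Catalyst access switch. The interface names, VLAN 100 and the inactivity aging type are assumptions, and exact syntax and feature support vary by platform and IOS release.

```cisco
! Assumed values: VLAN 100 is the residence hall access VLAN,
! Gi1/0/10 is a student port, Gi1/0/48 is the uplink toward the DHCP server.

! DHCP snooping builds the MAC<->IP binding table that IP Source Guard checks.
ip dhcp snooping
ip dhcp snooping vlan 100
!
interface GigabitEthernet1/0/48
 description Uplink toward DHCP server (trusted for DHCP replies)
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/10
 description Student room port
 switchport mode access
 switchport access vlan 100
 ! Allow at most 4 learned MAC addresses on the port.
 switchport port-security
 switchport port-security maximum 4
 ! Age out learned MACs after 5 minutes so a swapped device does not
 ! hold one of the 4 slots indefinitely. "inactivity" is an assumption;
 ! the default aging type is absolute.
 switchport port-security aging time 5
 switchport port-security aging type inactivity
 ! Drop IP traffic whose source does not match a DHCP snooping binding
 ! (for example a statically configured address).
 ip verify source
```

No violation mode is set here, so the port keeps the default action (shutdown, which err-disables the port). `show port-security interface`, `show ip dhcp snooping binding` and `show ip verify source` display the resulting state.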