01-27-2013 12:17 AM - edited 03-07-2019 11:20 AM
Dear all, I successfully configured port security on a 2950 switch. But when I am trying on a 2960 it is not working. I configured all the relevant commands but it's still not working. Does anyone have an idea why it is behaving like this:
Example when it's working on the 2950 switch.
SW1_81#sh por int fa 0/2
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address : 1803.xxxx.xxxx
Security Violation Count : 0
Version 12.1(22)EA4
Example when it's not working on the 2960:
SLN_STD_SW1_101#sh por int fa 0/1
Port Security : Enabled
Port Status : Secure-down
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 0
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : 101f.xxxx.bba8:xxx
Security Violation Count : 0
I need help here....
01-27-2013 01:00 AM
Can you post the switch port configuration for the 2960?
Regards
==========================
http://www.rConfig.com
A free, open source network device configuration management tool, customizable to your needs!
Sent from Cisco Technical Support iPhone App
01-27-2013 01:09 AM
Dear Stephen:
These are the port configuration on the 2960:
switchport port-security
switchport port-security maximum 1
switchport port-security violation shutdown
And on the 2950, if we just enable port security it starts working. And even on the 2960 it becomes enabled after just enabling port security, but it did not start working. And I enabled port security by configuring this command: "Switchport port-security"
I also checked and verified with Cisco documentation, but this issue is becoming something beyond my thinking.
Please feel free to ask any other question in this regard.
Regards
01-27-2013 01:42 AM
Thanks. Well, the 2960 port status is 'secure-down', meaning something violated the policy. As you do not have a MAC address added to the port security configuration, I think the only other reason is that more than one MAC address came in on this port, causing the violation criteria to be met. Is this some kind of virtual host like VMware ESX, or is there an IP phone attached?
You could try hard coding the expected MAC address using the 'switchport port-security mac-address x.x.x' command.
Regards
01-27-2013 02:58 PM
Hi:
You have more than one device (real or virtual) attached to your switch port. After fixing that, enable the interface with the no shutdown command.
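A field-by-field comparison of the two "show port-security interface" outputs posted in this thread, as an added example that is not part of the original posts. The function names are illustrative, and the parser assumes the "key : value" layout shown in the posts, including the 2960's "Last Source Address:Vlan" key.

```python
# Outputs copied from the thread (MACs are masked there too), trimmed to the fields used.
SW_2950 = """\
Port Security : Enabled
Port Status : Secure-up
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Last Source Address : 1803.xxxx.xxxx
Security Violation Count : 0
"""
SW_2960 = """\
Port Security : Enabled
Port Status : Secure-down
Maximum MAC Addresses : 1
Total MAC Addresses : 0
Last Source Address:Vlan : 101f.xxxx.bba8:xxx
Security Violation Count : 0
"""

def parse(text):
    """Split on the first ' : ' so the key 'Last Source Address:Vlan' stays whole."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if sep:
            fields[key.strip()] = value.strip()
    # The 2960 output appends ':Vlan' to the key and ':<vlan>' to the value; normalise.
    if "Last Source Address:Vlan" in fields:
        mac, _, vlan = fields.pop("Last Source Address:Vlan").partition(":")
        fields["Last Source Address"], fields["Vlan"] = mac, vlan
    return fields

def differences(good, bad):
    """Fields whose values differ between a working and a non-working port."""
    keys = sorted(set(good) | set(bad))
    return {k: (good.get(k), bad.get(k)) for k in keys if good.get(k) != bad.get(k)}

def counters(fields):
    return {
        "status": fields["Port Status"],
        "learned": int(fields["Total MAC Addresses"]),
        "maximum": int(fields["Maximum MAC Addresses"]),
        "violations": int(fields["Security Violation Count"]),
    }

if __name__ == "__main__":
    good, bad = parse(SW_2950), parse(SW_2960)
    print(differences(good, bad))
    print(counters(bad))
```

For the 2960 output this reports zero learned addresses and a violation count of zero alongside the Secure-down status.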