Port Security in 2950 and 2960

Zargham Haider · ‎01-27-2013

Dear all, I successfully configure port security in 2950 switch. But when i am trying in 2960 it is not working. i configure all the relevent commands but still its not working. any one have an idea why it is behaving like this:

Example when its working on 2950 switch.

SW1_81#sh por int fa 0/2

Port Security : Enabled

Port Status : Secure-up

Violation Mode : Shutdown

Aging Time : 0 mins

Aging Type : Absolute

SecureStatic Address Aging : Disabled

Maximum MAC Addresses : 1

Total MAC Addresses : 1

Configured MAC Addresses : 0

Sticky MAC Addresses : 0

Last Source Address : 1803.xxxx.xxxx

Security Violation Count : 0

Version 12.1(22)EA4

Example when its not working in 2960:

SLN_STD_SW1_101#sh por int fa 0/1
Port Security              : Enabled
Port Status                : Secure-down
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 0
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 101f.xxxx.bba8:xxx
Security Violation Count   : 0

I need help here....

stephen.stack · ‎01-27-2013

Can you post the switch port configuration for the 2960?

Regards

==========================
http://www.rConfig.com

A free, open source network device configuration management tool, customizable to your needs!

Sent from Cisco Technical Support iPhone App

========================== http://www.rconfig.com A free, open source network device configuration management tool, customizable to your needs! - Always vote on an answer if you found it helpful

Zargham Haider · ‎01-27-2013

Dear Stephen:

these are the port configuration on 2960:

switchport port-security

switchport port-security maximum 1

switchport port-security violation shutdown

and in 2950 if we just enable the port security it start working. and even in 2960 it become enable after just enabling port security but didnot start working. and i enable port security by configuring this command "Switchport port-security"

I also check and verify with cisco documentation but this issue is something becoming beyond my thinking.

please feel free to ask any other question in this regard.

regards

stephen.stack · ‎01-27-2013

Thanks. Well the 2960 port status is 'secure-down'. Meaning something violated the policy. As you do not have a MAC address added to the port security configuration then I think the only other reason is that more than one MAC address came in on this port causing the violation criteria to be met. Is this some kind of virtual host like VMware esx or is there an ip phone attached?

You could try hard coding the expected mac address using the 'switchport port-security mac-address x.x.x' command

Regards

==========================
http://www.rConfig.com

A free, open source network device configuration management tool, customizable to your needs!
Sent from Cisco Technical Support iPhone App

========================== http://www.rconfig.com A free, open source network device configuration management tool, customizable to your needs! - Always vote on an answer if you found it helpful

chesterlink · ‎01-27-2013

Hi:

You have more than one device (real or virtual) atached to your port switch, after fix that enable the interface with no shutdown command.