Port Security Violation options question

rezaalikhani
Level 3

What do the following commands really do?

Do they drop or block the data from the interface that the violation has occurred?

Switch(config-if)#switchport port-security violation protect

&

switch(config-if)#switchport port-security violation restrict

Thanks

Reza

Amit Singh
Cisco Employee

Hi Reza,

With Violation Protect mode, when the number of port secure MAC addresses reaches the maximum limit allowed on the port, packets with unknown source addresses are dropped. You have to remove the secure MAC addresses below the maximum allowed number in order to learn a new MAC or allow a host on the port. You are not notified that a security violation has occurred.

With Violation Restrict, the same process happens, but an SNMP trap is sent, a syslog message is logged on the syslog server and the violation counter increases.

HTH, Please rate if it does.

-amit singh

Thanks for your helpful replies:

Another question:

My scenario

I use two PCs in my scenario. One is the PC that I want to use on port f0/5, for example. The other is a PC that acts as a non-secure host and wants to attach to the port that I designated for PC 1.

Note I use the "protect" option for the violation in the example.

I use the MAC address of PC 1 to set up a secure switch port. I then take PC 1 off and plug PC 2 into f0/5.

As expected, the port receives a violation. Right?

But I can actually ping or telnet to the switch with PC 2. However, I cannot ping another IP address. It seems that the switch is dropping the packets. Is that normal?

I pull out PC 2 and plug PC 1 back into its port. I can ping or telnet to the switch, but I cannot ping another IP address. It seems that the switch is dropping the packets for the PC whose MAC address I set up for security (PC 1). Is that normal?

Thanks

Reza

Reza,

Please paste the switch port configuration where you are connecting the PC. Also paste the "show version" from the switch.

-amit singh

My 0/5 port security configuration:

interface FastEthernet0/5
 switchport mode access
 switchport port-security
 switchport port-security violation protect
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0004.7583.cb52
 speed 100
 no cdp enable
!

"Show version" output:

S1#sh ver
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(14)EA1a, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Tue 02-Sep-03 03:33 by antonino
Image text-base: 0x80010000, data-base: 0x805C0000

ROM: Bootstrap program is CALHOUN boot loader

S1 uptime is 8 weeks, 3 days, 16 hours, 16 minutes
System returned to ROM by power-on
System image file is "flash:/c2950-i6q4l2-mz.121-14.EA1a.bin"

cisco WS-C2950T-24 (RC32300) processor (revision M0) with 20710K bytes of memory.
Processor board ID FOC0751W351
Last reset from system-reset
Running Enhanced Image
24 FastEthernet/IEEE 802.3 interface(s)
2 Gigabit Ethernet/IEEE 802.3 interface(s)

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:0E:84:EF:DF:80
Motherboard assembly number: 73-6114-09
Power supply part number: 34-0965-01
Motherboard serial number: FOC07511ARB
Power supply serial number: DAB0750HAZH
Model revision number: M0
Motherboard revision number: B0
Model number: WS-C2950T-24
System serial number: FOC0751W351
Configuration register is 0xF

S1#sh port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
      Fa0/5              1            1                  0         Protect
---------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 1024
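The `show port-security` summary above is the place a defender checks whether a port has actually seen violations and whether its mode would ever tell anyone. The following parser and audit are an added example, not code from this thread or from Cisco; the sample output is constructed in the shape of the 2950 table Reza pasted, with two extra rows (Fa0/6, Fa0/7) added to exercise the checks, and the `audit` findings are the editor's own suggested review points.

```python
"""Parse the 'show port-security' summary table and flag ports worth a look.

Added example (not from the thread or from Cisco). SAMPLE_OUTPUT is constructed
in the shape of the Catalyst 2950 output shown in the thread; only the Fa0/5 row
matches the original, the other rows are invented to exercise the audit.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

SAMPLE_OUTPUT = """\
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
      Fa0/5              1            1                  0         Protect
      Fa0/6              2            2                  3        Restrict
      Fa0/7              1            0                  1        Shutdown
---------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port) : 1
Max Addresses limit in System (excluding one mac per port) : 1024
"""

# One data row: port name, three integer counters, then the configured action.
# Header lines, the "(Count)" line and the dashed rules do not match this shape.
ROW_RE = re.compile(
    r"^\s*(?P<port>\S+)\s+(?P<max>\d+)\s+(?P<cur>\d+)\s+(?P<viol>\d+)\s+"
    r"(?P<action>Protect|Restrict|Shutdown)\s*$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class PortSecurityRow:
    port: str
    max_addrs: int
    current_addrs: int
    violations: int
    action: str  # normalised to lower case: protect | restrict | shutdown


def parse_show_port_security(text: str) -> List[PortSecurityRow]:
    """Return one row per secure port found in the command output."""
    rows: List[PortSecurityRow] = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            rows.append(PortSecurityRow(
                port=m["port"],
                max_addrs=int(m["max"]),
                current_addrs=int(m["cur"]),
                violations=int(m["viol"]),
                action=m["action"].lower(),
            ))
    return rows


def audit(rows: List[PortSecurityRow]) -> List[Tuple[str, str]]:
    """Return (port, finding) pairs a defender would want to review.

    Two checks only: ports that have recorded violations, and ports in
    'protect' mode, which drop offending frames without incrementing the
    counter, sending a trap or logging, so a violation there leaves no trace.
    """
    findings: List[Tuple[str, str]] = []
    for r in rows:
        if r.violations > 0:
            findings.append((r.port, f"{r.violations} violation(s) recorded; check what was plugged in"))
        if r.action == "protect":
            findings.append((r.port, "protect mode: violations are dropped silently, counter stays 0"))
    return findings


if __name__ == "__main__":
    for port, finding in audit(parse_show_port_security(SAMPLE_OUTPUT)):
        print(f"{port}: {finding}")
```

In practice the text would come from a captured session or a NetConf/CLI library rather than the embedded sample; the regex is deliberately strict so that a changed column layout on another IOS release produces zero rows (which is itself a signal) rather than silently misparsed counters.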

I solved the problem. The problem was the IOS.

I tested this feature with another updated switch and everything is OK.

Thanks

Reza

Hi Reza,

Thanks for the update on this. Sorry, I couldn't reply yesterday as I left a bit early for the day.

-amit singh

Hi,

protect - drops all the packets with unknown source addresses, after the limit of secure addresses on that port is reached.

restrict - Sends an SNMP trap and also causes the switch to increment the security violation counter.

For more on port security, have a look at the following link-->

http://articles.techrepublic.com.com/5100-1035-6123047.html

Hope this helps...

Regards,

AbhisheK

Please rate helpful posts!!!
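Amit's first reply and Abhishek's summary both describe what `protect` and `restrict` do on a violation; the model below is an added example (not code from this thread, and not Cisco's implementation) that encodes exactly those rules, plus `shutdown` for comparison, and replays Reza's PC 1 / PC 2 scenario against each mode so the expected forwarding, counter and notification behaviour can be checked. It assumes one secure address per port unless `max_addrs` is raised; PC 1's MAC is the sticky address from Reza's configuration, PC 2's MAC is constructed, and the syslog line is modelled on the IOS PSECURE_VIOLATION message text for illustration only.

```python
"""Model of Cisco port-security violation handling (protect / restrict / shutdown).

Added example, not code from the thread or from Cisco. It encodes the rules
described in the replies above: a known secure MAC is always forwarded, an
unknown MAC is learned while there is room, and once the limit is reached an
unknown MAC is a violation handled according to the configured mode.
Assumption: the syslog text is modelled on the IOS PSECURE_VIOLATION message
and is illustrative only.
"""
from dataclasses import dataclass, field
from typing import Dict, List

VALID_MODES = ("protect", "restrict", "shutdown")


def normalize_mac(mac: str) -> str:
    """Accept 00:04:75:83:CB:52, 00-04-75-83-cb-52 or 0004.7583.cb52; return Cisco dotted form."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


@dataclass
class SecurePort:
    name: str
    violation_mode: str = "protect"      # switchport port-security violation {protect|restrict|shutdown}
    max_addrs: int = 1                   # switchport port-security maximum <n> (default 1)
    secure_macs: List[str] = field(default_factory=list)  # static, sticky or dynamically learned
    violation_count: int = 0             # the SecurityViolation (Count) column of show port-security
    err_disabled: bool = False           # set by shutdown mode
    snmp_traps: int = 0
    syslog: List[str] = field(default_factory=list)

    def __post_init__(self) -> None:
        if self.violation_mode not in VALID_MODES:
            raise ValueError(f"unknown violation mode {self.violation_mode!r}")

    def receive(self, src_mac: str) -> bool:
        """Return True if a frame from src_mac is forwarded, False if it is dropped."""
        mac = normalize_mac(src_mac)
        if self.err_disabled:            # shutdown mode already took the port down
            return False
        if mac in self.secure_macs:      # known secure host: always forwarded
            return True
        if len(self.secure_macs) < self.max_addrs:
            self.secure_macs.append(mac)  # room left: learn it (sticky would also write it to config)
            return True
        # Limit reached and the source is unknown: this is a violation.
        if self.violation_mode == "protect":
            return False                 # silent drop: no counter, no trap, no syslog
        # restrict and shutdown both count and notify
        self.violation_count += 1
        self.snmp_traps += 1
        self.syslog.append(
            f"%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, "
            f"caused by MAC address {mac} on port {self.name}."
        )
        if self.violation_mode == "shutdown":
            self.err_disabled = True     # port stays err-disabled until recovered
        return False


def reza_scenario(mode: str = "protect") -> Dict[str, object]:
    """PC 1 is the secured host on f0/5; PC 2 is plugged into the same port; PC 1 returns."""
    port = SecurePort("FastEthernet0/5", violation_mode=mode)
    pc1 = "0004.7583.cb52"   # sticky address from the configuration in the thread
    pc2 = "0011.2233.4455"   # constructed MAC for the non-secure PC
    return {
        "pc1_first": port.receive(pc1),
        "pc2_plugged_in": port.receive(pc2),
        "pc1_back": port.receive(pc1),
        "violations": port.violation_count,
        "snmp_traps": port.snmp_traps,
        "syslog_lines": len(port.syslog),
        "err_disabled": port.err_disabled,
    }


if __name__ == "__main__":
    for m in VALID_MODES:
        print(m, reza_scenario(m))
```

Running it shows the point of the thread: in `protect` and `restrict` mode PC 2's frames are dropped while PC 1 keeps working when it is plugged back in, and only `restrict` leaves a counter, trap and syslog entry behind; `shutdown` also takes the port err-disabled, so PC 1 is cut off as well until the port is recovered.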
