04-23-2007 08:41 AM - edited 03-05-2019 03:37 PM
I have recently started to impliment MAC address based port security on 4507's. I can get the ports secure and everything is working fine however how do I handle having a diagnostic device on the port eventually?
I tried to use a statically assigned address for my fluke on every port but I get a message saying it's a duplicate. It seems like I'm not able to have the same MAC address allowed on more than 1 port, which makes sense. What can be done for test equipment though? I suppose I can remove the port security everytime I need to test a port but that seems rather tedious.
04-23-2007 09:13 AM
What is the configuration that you have done on the switchports.Have you done static mac-address config or sticky mac-address config on the switchports.
You can increase the MAX-MAC count to 2 on the switchports.By default the MAX mac count on the switchports is 1. Unless the mac-adress is statically configured on the switchport or learned through " dynamic sticky " method, the mac-address wipes out from the switchport the moment you disconnect the PC from the port.
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/12_2_31a/config/port_sec.htm#wp1074186
HTH,
-amit singh
04-23-2007 09:16 AM
From the point of view of the Catalyst Switch, the diagnostic equipment is just any other host attempting to send traffic on that port.
If your diagnostic tool is a layer1 device then it most probably wont have any mac-address and will not send out "ethernet" packets (as they are at Data-link layer2). So it will not interfere with port security.
However, if your device is a layer2 tool sending/receiving ethernet packets then the switch is bound to complain about port security violations.
How about clearing the port security binding on that port with a clear port-security command? You can issue this command, do your testing, issue it again and connect the original host. that should do the trick!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide