05-06-2008 07:14 AM - edited 03-05-2019 10:47 PM
I have a 2960 @ a remote site. I set the port-security as shown here (all interfaces are set the same except for the uplink):
interface FastEthernet0/5
switchport access vlan 100
switchport voice vlan 200
switchport port-security maximum 2
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
But when I run
"show port-security interface fastEthernet 0/5"
I get output stating that port security is disabled:
Port Security : Disabled
Port Status : Secure-down
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 2
Total MAC Addresses : 0
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : 0000.0000.0000:0
Security Violation Count : 0
A "show IP interface brief" shows this port is up up.
Any ideas?
05-06-2008 07:24 AM
Hi,
Shouldn't you also specify a violation action to get this to work? I.e.:
interface FastEthernet0/5
switchport port-security maximum 2
switchport port-security violation shutdown
Try that, see what happens-
Gary
05-06-2008 07:30 AM
If I issue that command nothing shows up in the running config. I believe that shutdown is the default action. If I set the action to restrict, it does show up in the config, but still shows as disabled when a show port-security interface f0/5 is done.
05-06-2008 07:41 AM
Hmmm...I'll try this on a switch as soon as I can, get back to you.
Is it learning MAC addresses? Can you try and trip the violation?
Gary
05-06-2008 07:44 AM
It does not look like it's learning addresses; a show port-security gives the following output:
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action
(Count) (Count) (Count)
---------------------------------------------------------------------------
---------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 8192
Unfortunately I cannot test it because this is a live production switch in a different state.
05-06-2008 07:45 AM
I don't see the command
switchport port-security
on that interface. You need that command in order to enable that service.
switchport port-security maximum 2 alone won't do it.
HTH,
__
Edison.
05-06-2008 07:48 AM
When I try to issue the command
"switchport port-security" alone I get the following output:
Command rejected: FastEthernet0/1 is a dynamic port.
05-06-2008 07:51 AM
Type the command:
switchport mode access
HTH,
__
Edison.
05-06-2008 07:55 AM
I see, my understanding of "switchport mode access" is that this will allow the interface access to vlan 1 (please educate me if I'm wrong). I am using 100 for data and 200 for voice. Will it cause a problem to issue that command in this scenario?
05-06-2008 08:38 AM
The command will change the port status from dynamic to static access.
The Access Vlan does not necessarily place the switchport in Vlan 1. If you have a Vlan membership in the switchport, it will use that Vlan.
HTH,
__
Edison.
05-06-2008 08:46 AM
This did the trick. Thanks for your help.
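The misconfiguration resolved in this thread (port-security options set, but the feature never enabled because the port was still dynamic) can be checked for across a saved running-config. The script below is an added example, not part of the original thread; the sample config, function names and the treatment of trunk mode as a static mode are assumptions.

```python
import re

# Constructed sample running-config; ports and VLANs are illustrative only.
SAMPLE_CONFIG = """\
interface FastEthernet0/5
 switchport access vlan 100
 switchport port-security maximum 2
!
interface FastEthernet0/6
 switchport mode access
 switchport port-security maximum 2
 switchport port-security
!
interface FastEthernet0/7
 switchport mode access
 switchport port-security violation restrict
"""

def parse_interfaces(config):
    """Return {interface name: [sub-command lines]} from running-config text."""
    stanzas, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return stanzas

def audit_port_security(config):
    """Flag ports that carry port-security options but never enable the feature."""
    static = {"switchport mode access", "switchport mode trunk"}  # assumption
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if not any(c.startswith("switchport port-security ") for c in cmds):
            continue  # no port-security options configured on this port
        issues = []
        if "switchport port-security" not in cmds:
            issues.append("bare 'switchport port-security' missing: feature disabled")
        if not static & set(cmds):
            issues.append("no static switchport mode: port is still dynamic")
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    for port, issues in audit_port_security(SAMPLE_CONFIG).items():
        print(port, "->", "; ".join(issues))
```
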