05-06-2008 07:14 AM - edited 03-05-2019 10:47 PM
I have a 2960 @ a remote site. I set the port-security as shown here (all interfaces are set the same except for the uplink):
interface FastEthernet0/5
switchport access vlan 100
switchport voice vlan 200
switchport port-security maximum 2
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
but when I
"show port-security interface fastEthernet 0/5"
I get output stating that port security is disabled
Port Security : Disabled
Port Status : Secure-down
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 2
Total MAC Addresses : 0
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : 0000.0000.0000:0
Security Violation Count : 0
a "show IP interface brief" shows this port is up up.
any ideas?
05-06-2008 07:24 AM
Hi,
Shouldn't you also specify a violation action to get this to work? I.e.:
interface FastEthernet0/5
switchport port-security maximum 2
switchport port-security violation shutdown
Try that, see what happens-
Gary
05-06-2008 07:30 AM
If I issue that command nothing shows up in the running config. I believe that shutdown is the default action. If I set the action to restrict, it does show up in the config, but still shows as disabled when a show port-security interface f0/5 is done.
05-06-2008 07:41 AM
Hmmm...I'll try this on a switch as soon as I can, get back to you.
Is it learning MAC addresses? Can you try and trip the violation?
Gary
05-06-2008 07:44 AM
It does not look like it's learning addresses; a show port-security gives the following output:
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action
(Count) (Count) (Count)
---------------------------------------------------------------------------
---------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 8192
Unfortunately I cannot test it because this is a live production switch in a different state.
05-06-2008 07:45 AM
I don't see the command
switchport port-security
on that interface. You need that command in order to enable that service.
switchport port-security maximum 2 alone won't do it.
HTH,
__
Edison.
05-06-2008 07:48 AM
When I try to issue the command
"switchport port-security" alone I get the following output:
Command rejected: FastEthernet0/1 is a dynamic port.
05-06-2008 07:51 AM
Type the command:
switchport mode access
HTH,
__
Edison.
05-06-2008 07:55 AM
I see. My understanding of "switchport mode access" is that this will allow the interface access to vlan 1 (please educate me if I'm wrong). I am using 100 for data and 200 for voice. Will it cause a problem to issue that command in this scenario?
05-06-2008 08:38 AM
The command will change the port status from dynamic to static access.
The Access Vlan does not necessarily place the switchport in Vlan 1. If you have a Vlan membership in the switchport, it will use that Vlan.
HTH,
__
Edison.
05-06-2008 08:46 AM
This did the trick. Thanks for your help.
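An added example (not part of the original thread, and not Cisco tooling): a short Python audit that flags the condition this thread resolved, where an interface carries port-security options but lacks the bare `switchport port-security` enable command, or is not set to a static mode so the enable command would be rejected. The sample config and function names are constructed for illustration; treating `switchport mode trunk` as an acceptable static mode is an assumption beyond what the thread covers.

```python
import re

# Constructed sample config (not taken from the poster's switch): Fa0/5 mirrors
# the original post's port-security lines, Fa0/6 is the corrected form.
SAMPLE_CONFIG = """\
interface FastEthernet0/5
 switchport access vlan 100
 switchport voice vlan 200
 switchport port-security maximum 2
!
interface FastEthernet0/6
 switchport access vlan 100
 switchport mode access
 switchport port-security maximum 2
 switchport port-security
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)$", line, re.IGNORECASE)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line == "!" or (raw and not raw[0].isspace()):
            current = None  # left the interface block
        elif current is not None and line:
            current.append(line)
    return interfaces

def audit_port_security(config):
    """Map each interface that has port-security options to its findings."""
    report = {}
    for name, cmds in parse_interfaces(config).items():
        if not any(c.startswith("switchport port-security") for c in cmds):
            continue  # no port-security lines at all; out of scope here
        findings = []
        if "switchport port-security" not in cmds:
            findings.append("options set but feature not enabled")
        if not any(c in ("switchport mode access", "switchport mode trunk") for c in cmds):
            findings.append("dynamic port: enable command will be rejected")
        report[name] = findings
    return report

if __name__ == "__main__":
    for intf, findings in audit_port_security(SAMPLE_CONFIG).items():
        print(intf, "OK" if not findings else "; ".join(findings))
```

Feed it the text of a saved running-config; an empty findings list means the interface has both the static mode and the enable command.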