Unable to remove command from switchport

Unanswered Question
Nov 17th, 2008
User Badges:

Hi guys,

I am unable to remove a command from two of the switchports I have configured as part of an etherchannel (also trunk) to my core switch.

Please see below.

I cannot remove the port-security command

interface GigabitEthernet0/48

description TRUNK to SW001 M3-42 Gig 4/0/42

switchport port-security violation restrict

channel-protocol lacp

channel-group 1 mode active

spanning-tree portfast

spanning-tree link-type point-to-point


Any ideas why I cant and how I go about removing it?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
John Blakley Mon, 11/17/2008 - 13:17
User Badges:
  • Purple, 4500 points or more


default switchport port-security

See if that works for you.


andrew.butterworth Mon, 11/17/2008 - 13:20
User Badges:
  • Gold, 750 points or more

It looks like the port-security command was configured before you configured them as members of an EtherChannel. Since port-security isn't compatible with EtherChannel the CLI doesn't accept port-security commands when the port is configured as part of an EtherChannel.

You need to remove the EtherChannel configuration first before it will let you remove the port-security commands. The best way to do this is to shut the physical interfaces down, remove the channel-group command, then remove the switcport port-security command, re-add the channel-group command and then do a no shut.

I have just tested this on a 3550 and I get the same behaviour as you.



darren-carr Mon, 11/17/2008 - 13:39
User Badges:

Hi Andy,

Many thanks for your valuable input and also for those others who have posted.

As this is a production network I will attempt to make this change out of hours.

Appreciate your help and advice as always guys :)



This Discussion