port-security

Feb 26th, 2009

Hi,

I am using a 3750 stack switch configured with port-security. I have given max MAC addresses learned as 10, but when the MAC addresses reach 3 the port is going to disable.

Please advise.

guruprasadr Thu, 02/26/2009 - 23:15

Hi Naga,

What is the violation mode configured?

FYI: Set the security violation mode or the action to be taken if port security is violated. The default is shutdown.

Please rate if this helps.


Best Regards,


Guru Prasad R

Marwan ALshawi Thu, 02/26/2009 - 23:44

Also make sure you hard-code it as max MAC 10.



nagalingammk Fri, 02/27/2009 - 00:54

Thanks for the reply.

Yes, I have done it; please find the conf below:


interface GigabitEthernet1/0/23
 switchport access vlan 220
 switchport mode access
 switchport voice vlan 420
 switchport port-security maximum 10
 switchport port-security
 storm-control broadcast level 20.00 15.00
 storm-control action trap
 spanning-tree portfast

Marwan ALshawi Fri, 02/27/2009 - 03:20

Did you get it working?

By the way, it doesn't matter if you make the action shutdown or errordisable; this is just an action. With error disable you can make it recover automatically after a while, while with the shutdown action you have to manually re-enable the port by issuing no shut.

Good luck.

If this helps, rate.

nagalingammk Fri, 02/27/2009 - 04:08

No, I am still facing the problem: if I connect my fourth device it will go down, after changing the max MAC to 10.

Marwan ALshawi Fri, 02/27/2009 - 05:55

After changing the config and saving it, have you tried to reload it?

nagalingammk Fri, 02/27/2009 - 22:39

Hi,

I didn't reload because of the live environment.

Just one clarification: will the port security changes take effect only after reloading the switch?



ericgarnel Sun, 03/01/2009 - 07:44

Just out of curiosity, are any of the machines running virtual servers (VMware, Xen, etc.) in bridging mode?

Also, what is the output of your CAM?

(taken from a 3560)


SER-N>sh mac address-table | include Gi0/1
  48    0001.e62e.aa7e    STATIC      Gi0/1
  48    000d.5616.1784    STATIC      Gi0/1
  48    000d.561f.b62b    STATIC      Gi0/1
  48    000d.56ed.788b    STATIC      Gi0/1
  48    0012.3fd6.f2e9    STATIC      Gi0/1
  48    0013.726a.b640    STATIC      Gi0/1
  48    0014.22ca.1484    STATIC      Gi0/1
  48    0014.3898.3be1    STATIC      Gi0/1
  48    0015.c537.88bf    STATIC      Gi0/1
  48    0018.8ba6.d94d    STATIC      Gi0/1
  48    0018.8bb9.4b79    STATIC      Gi0/1
  48    0018.8bc9.dca8    STATIC      Gi0/1
  48    0021.70a0.ddd4    STATIC      Gi0/1
  48    0021.70a3.e642    STATIC      Gi0/1


SER-N#sh port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
      Gi0/1             20           15                598         Restrict
      Gi0/2              1            0                  0         Restrict
      Gi0/3              1            0                  0         Restrict

ericgarnel Sun, 03/01/2009 - 07:49

Another thought, are you using switchport port-security mac-address sticky?


Here is an example port conf w/o sticky

 switchport mode access
 switchport port-security maximum 20
 switchport port-security
 switchport port-security aging time 5
 switchport port-security violation restrict


nagalingammk Sun, 03/01/2009 - 09:50

Hi,

I am not using sticky; please find the conf below:


interface GigabitEthernet1/0/16
 switchport access vlan 220
 switchport mode access
 switchport voice vlan 420
 switchport port-security maximum 10
 switchport port-security
 switchport port-security violation restrict
 storm-control broadcast level 20.00 15.00
 storm-control action trap
 spanning-tree portfast
!

nagalingammk Sun, 03/01/2009 - 09:46

Hi,

We are not using any VMware on any of the user PCs; please find the attached information from the 3750 as requested.

Thanks



nagalingammk Fri, 02/27/2009 - 00:59

Thanks for the reply.

I have made it shutdown:

NHQ-4F#sh port-security in gi1/0/23
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 10
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 001d.a290.9bdd:420
Security Violation Count   : 0

