port-security

Unanswered Question
Feb 26th, 2009

Hi,

I am using a 3750 stack switch configured with port-security. I have set the maximum MAC addresses learned to 10, but when the MAC addresses reach 3 the port is getting disabled.

Please advise.

guruprasadr Thu, 02/26/2009 - 23:15

Hi Naga,

What is the violation mode configured?

FYI: Set the security violation mode or the action to be taken if port security is violated. The default is shutdown.

Please rate if this helps.

Best Regards,

Guru Prasad R

nagalingammk Fri, 02/27/2009 - 00:54

Thanks for the reply.

Yes, I have done it. Please find the config below:

interface GigabitEthernet1/0/23
 switchport access vlan 220
 switchport mode access
 switchport voice vlan 420
 switchport port-security maximum 10
 switchport port-security
 storm-control broadcast level 20.00 15.00
 storm-control action trap
 spanning-tree portfast

Marwan ALshawi Fri, 02/27/2009 - 03:20

Did you get it working?

By the way, it doesn't matter if you make the action shutdown or error disable.

This is just an action.

With error disable you can make it recover automatically after a while,

while with the shutdown action you have to manually re-enable the port by issuing no shut.

Good luck.

If this helps, please rate.

nagalingammk Fri, 02/27/2009 - 04:08

No, I am still facing the problem: if I connect my fourth device the port goes down, even after changing the max MAC to 10.

nagalingammk Fri, 02/27/2009 - 22:39

Hi,

I didn't reload because of the live environment.

Just one clarification: will the port security changes take effect only after reloading the switch?

ericgarnel Sun, 03/01/2009 - 07:44

Just out of curiosity, are any of the machines running virtual servers (vmware,xen,etc.) in bridging mode?

Also, what is the output of your CAM?

(taken from a 3560)

SER-N>sh mac address-table | include Gi0/1
  48    0001.e62e.aa7e    STATIC      Gi0/1
  48    000d.5616.1784    STATIC      Gi0/1
  48    000d.561f.b62b    STATIC      Gi0/1
  48    000d.56ed.788b    STATIC      Gi0/1
  48    0012.3fd6.f2e9    STATIC      Gi0/1
  48    0013.726a.b640    STATIC      Gi0/1
  48    0014.22ca.1484    STATIC      Gi0/1
  48    0014.3898.3be1    STATIC      Gi0/1
  48    0015.c537.88bf    STATIC      Gi0/1
  48    0018.8ba6.d94d    STATIC      Gi0/1
  48    0018.8bb9.4b79    STATIC      Gi0/1
  48    0018.8bc9.dca8    STATIC      Gi0/1
  48    0021.70a0.ddd4    STATIC      Gi0/1
  48    0021.70a3.e642    STATIC      Gi0/1

SER-N#sh port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
      Gi0/1             20           15                598         Restrict
      Gi0/2              1            0                  0         Restrict
      Gi0/3              1            0                  0         Restrict

ericgarnel Sun, 03/01/2009 - 07:49

Another thought, are you using switchport port-security mac-address sticky?

Here is an example port conf w/o sticky

switchport mode access
switchport port-security maximum 20
switchport port-security
switchport port-security aging time 5
switchport port-security violation restrict

nagalingammk Sun, 03/01/2009 - 09:50

Hi,

I am not using sticky. Please find the config below:

interface GigabitEthernet1/0/16
 switchport access vlan 220
 switchport mode access
 switchport voice vlan 420
 switchport port-security maximum 10
 switchport port-security
 switchport port-security violation restrict
 storm-control broadcast level 20.00 15.00
 storm-control action trap
 spanning-tree portfast
!

nagalingammk Sun, 03/01/2009 - 09:46

Hi,

We are not using any VMware on any of the user PCs. Please find the attached information from the 3750 as requested.

Thanks

Attachment: 
nagalingammk Fri, 02/27/2009 - 00:59

Thanks for the reply.

I have made it shutdown:

NHQ-4F#sh port-security in gi1/0/23
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 10
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : 001d.a290.9bdd:420
Security Violation Count : 0
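Added example, not part of the thread and not written by any of the posters: a small Python parser for the `sh port-security in gi1/0/23` output posted above. It reports how many secure MAC slots remain and which VLAN the last learned address arrived on. The function names and the wording of the findings are assumptions made for this illustration.

```python
# Output copied from the gi1/0/23 post in this thread.
SAMPLE = """\
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 10
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : 001d.a290.9bdd:420
Security Violation Count : 0
"""

def parse_port_security(text):
    """Map each 'Key : value' line to a dict entry.
    Split on the first ' : ' only: the 'Last Source Address:Vlan' key
    contains a colon of its own, without surrounding spaces."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def assess(fields):
    """Summarize headroom, the VLAN of the last learned MAC, and findings."""
    maximum = int(fields["Maximum MAC Addresses"])
    total = int(fields["Total MAC Addresses"])
    violations = int(fields["Security Violation Count"])
    # Cisco dotted MAC notation has no colons, so the last ':' precedes the VLAN.
    mac, _, vlan = fields["Last Source Address:Vlan"].rpartition(":")
    findings = []
    if fields["Port Status"].lower() == "secure-shutdown":
        findings.append("port err-disabled by port security")
    if violations:
        findings.append(f"{violations} violation(s) counted")
    if total >= maximum:
        findings.append("secure MAC table full; next new MAC is a violation")
    return {"headroom": maximum - total, "last_mac": mac,
            "last_vlan": int(vlan), "mode": fields["Violation Mode"],
            "findings": findings}

if __name__ == "__main__":
    print(assess(parse_port_security(SAMPLE)))
```

Running it against output captured just before and just after the port drops shows whether the MAC count, the violation counter or the port status changed between the two captures.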
