02-26-2009 10:15 PM - edited 03-06-2019 04:17 AM
Hi,
i am using 3750 stack switch configured with port-security. i have given max macaddress learned to 10 but when the mac address reach 3 the port is going to disable,
please advice.
02-26-2009 11:15 PM
HI Naga,
What is the Violation mode configured ?
FYI: Set the security violation mode or the action to be taken if port security is violated. The default is shutdown.
Pls RATE if HELPS.
Best Regards,
Guru Prasad R
02-26-2009 11:44 PM
also make sure u hard code it as max mac 10
02-27-2009 12:54 AM
thanks for the reply,
yes i have done it please find the conf below,
interface GigabitEthernet1/0/23
switchport access vlan 220
switchport mode access
switchport voice vlan 420
switchport port-security maximum 10
switchport port-security
storm-control broadcast level 20.00 15.00
storm-control action trap
spanning-tree portfast
02-27-2009 03:20 AM
did u get it working ?
by the way it dosent matter if u make the action shutdown or errordisable
this just an action
with error disable you can make it recoverautomaticaly after a while
while with shutdown action u have manuly reenable the port by issuing no shut
good luck
if helps rate
02-27-2009 04:08 AM
no, still i am facing the plb if i connect my fourth device it will down.after changeing the max mac to 10
02-27-2009 05:55 AM
after changing the config and save it have you tried to reload it ?
02-27-2009 10:39 PM
hi,
i didnt reload as becoz of the live env,
just one clarification, the port security changes will effect only after reloding the switch?
03-01-2009 07:44 AM
Just out of curiosity, are any of the machines running virtual servers (vmware,xen,etc.) in bridging mode?
Also, what is the output of your CAM ?
(taken from a 3560)
SER-N>sh mac address-table | include Gi0/1
48 0001.e62e.aa7e STATIC Gi0/1
48 000d.5616.1784 STATIC Gi0/1
48 000d.561f.b62b STATIC Gi0/1
48 000d.56ed.788b STATIC Gi0/1
48 0012.3fd6.f2e9 STATIC Gi0/1
48 0013.726a.b640 STATIC Gi0/1
48 0014.22ca.1484 STATIC Gi0/1
48 0014.3898.3be1 STATIC Gi0/1
48 0015.c537.88bf STATIC Gi0/1
48 0018.8ba6.d94d STATIC Gi0/1
48 0018.8bb9.4b79 STATIC Gi0/1
48 0018.8bc9.dca8 STATIC Gi0/1
48 0021.70a0.ddd4 STATIC Gi0/1
48 0021.70a3.e642 STATIC Gi0/1
SER-N#sh port-security
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action
(Count) (Count) (Count)
---------------------------------------------------------------------------
Gi0/1 20 15 598 Restrict
Gi0/2 1 0 0 Restrict
Gi0/3 1 0 0 Restrict
03-01-2009 07:49 AM
Another thought, are you using switchport port-security mac-address sticky?
Here is an example port conf w/o sticky
switchport mode access
switchport port-security maximum 20
switchport port-security
switchport port-security aging time 5
switchport port-security violation restrict
03-01-2009 09:50 AM
hi,
i am not using sticky, plz find conf below,
interface GigabitEthernet1/0/16
switchport access vlan 220
switchport mode access
switchport voice vlan 420
switchport port-security maximum 10
switchport port-security
switchport port-security violation restrict
storm-control broadcast level 20.00 15.00
storm-control action trap
spanning-tree portfast
!
03-01-2009 09:46 AM
02-27-2009 12:59 AM
thanks for the reply,
i have made it shutdown,
NHQ-4F#sh port-security in gi1/0/23
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 10
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : 001d.a290.9bdd:420
Security Violation Count : 0
02-27-2009 05:59 AM
With port security on; check that the mac addr is not also showing up on another port.
02-27-2009 10:41 PM
no,
i have give the command clear port-sec all,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide