
PC can't work on another port when port security is enabled

qilin zhang
Level 1

Dears,

For infrastructure security purposes, I configured the port security feature on the port and DHCP snooping on the switch. After that I found a problem: when the PC is plugged into a port first, it can obtain an IP address through DHCP, but if the PC is moved to another port in the same VLAN on the same switch, it can't obtain an IP address any more, while other PCs plugged into the same port work correctly.

What would be the reason preventing the PC from obtaining the IP address: the port security feature or DHCP snooping?

Thanks,

Kirin

4 Replies

mmacdonald70
Level 1

Port security. When the switch learns an address on one port, it is considered a violation to see it on another port. Clear the MAC address from the first port.

Hi Mmacdonald,

Does that mean the Port Security feature is not suitable for a LAN which has a lot of laptops that need to change their location frequently?

Thanks

Kirin

No. You can set the aging time for releasing the MAC address from the port.

For example:

The following commands will release the MAC address from this port when there is no traffic for 1 minute on the interface:

Switch(config-if)#switchport port-security aging time 1

Switch(config-if)#switchport port-security aging type inactivity

HTH

Regards,

Anser

tharsan86
Level 1

Hi Kirin

Cisco Port-Security can help to:

• restrict the MAC address or addresses that can connect through a switchport [default: first connected device MAC address]

• restrict the number of MAC addresses that can connect through a switchport [default is 1 and maximum is 128]

• set aging in minutes of the MAC addresses registered

• set the action to take when a violation is detected (default is to disable the port and send an SNMP trap message to the SNMP management server, if any)

To display the secure MAC address table:

Switch# show port-security address - lists all the learned MAC addresses by interface

Switch# show port-security interface fa0/1 - shows the detailed port security settings for an interface, including enable/disable status

To clear the violation on the port:

Issue the following command:

Switch# clear port-security sticky interface fa0/0 (choose the down interface)

and then issue commands "shut" and "no shut" on the interface that has been put in down/down state due to port-security violation.

***pls rate if it helps***

Thanks

Tharsan
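
The lookup that the `show port-security address` step above supports, as an added example that is not part of the original thread: a Python helper that parses that table and reports the port where a moved PC's MAC address is still held as a secure address. The sample output is constructed to follow the command's usual column layout, and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the usual layout of `show port-security address`.
SAMPLE = """\
               Secure Mac Address Table
-----------------------------------------------------------------------------
Vlan    Mac Address       Type                          Ports   Remaining Age
                                                                   (mins)
----    -----------       ----                          -----   -------------
  10    0011.2233.4455    SecureDynamic                 Fa0/1        -
  10    00aa.bbcc.ddee    SecureSticky                  Fa0/2        -
  10    0011.2233.9999    SecureDynamic                 Fa0/3        1 (I)
-----------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port)     : 0
"""

# One table row: VLAN, dotted MAC, entry type, port, then "-" or minutes,
# optionally followed by "(I)" when inactivity aging is in effect.
ROW = re.compile(
    r"^\s*(?P<vlan>\d+)\s+(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+"
    r"(?P<type>Secure\w+)\s+(?P<port>\S+)\s+(?P<age>-|\d+)"
    r"(?:\s*\((?P<mode>I)\))?\s*$",
    re.IGNORECASE | re.MULTILINE,
)

def normalize_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def parse_secure_table(text):
    """Return one dict per secure-address row; header and rule lines are skipped."""
    entries = []
    for m in ROW.finditer(text):
        age = None if m["age"] == "-" else int(m["age"])
        entries.append({"vlan": int(m["vlan"]), "mac": normalize_mac(m["mac"]),
                        "type": m["type"], "port": m["port"],
                        "age_min": age, "ages_out": age is not None,
                        "inactivity": m["mode"] is not None})
    return entries

def find_pinned(text, mac, new_port):
    """Entries where `mac` is still secured on a port other than `new_port`."""
    want = normalize_mac(mac)
    return [e for e in parse_secure_table(text)
            if e["mac"] == want and e["port"].lower() != new_port.lower()]

if __name__ == "__main__":
    for hit in find_pinned(SAMPLE, "00:11:22:33:44:55", "Fa0/7"):
        print(hit)
```

An entry returned with `ages_out` set to `False` has no remaining-age value in the table, so it is a candidate for clearing or for the aging settings shown earlier in the thread.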
