11-14-2009 07:49 AM - edited 03-06-2019 08:36 AM
Dears,
For infrastructure security purposes, I configured the port security feature on the port and DHCP snooping on the switch. After that I found a problem: when the PC is first plugged into a port, it can obtain an IP address through DHCP, but if the PC is moved to another port in the same VLAN on the same switch, it can't obtain an IP address any more, while other PCs plugged into the same port work correctly.
What would be the reason preventing the PC from obtaining the IP address? The port security feature or DHCP snooping?
Thanks,
Kirin
11-14-2009 08:31 AM
Port security. When the switch learns an address on one port, it is considered a violation to see it on another port. Clear the MAC address from the first port.
11-14-2009 07:39 PM
Hi Mmacdonald,
Does that mean the Port Security feature is not suitable for a LAN which has a lot of laptops that need to change their location frequently?
Thanks
Kirin
11-15-2009 04:53 AM
No. You can set the aging time for releasing the MAC address from the port.
For example, the following commands will release the MAC address from this port when there is no traffic for 1 minute under the interface:
Switch(config-if)#switchport port-security aging time 1
Switch(config-if)#switchport port-security aging type inactivity
HTH
Regards,
Anser
11-14-2009 10:23 AM
Hi Kirin
Cisco Port-Security can help to
• restrict the MAC address or addresses that can connect through a switchport [default: first connected device MAC address]
• restrict the number of MAC addresses that can connect through a switchport [default is 1 and maximum is 128]
• set aging in minutes of the MAC addresses registered
• set the action to take when a violation is detected (default is to disable the port and send an SNMP trap message to the SNMP management server, if any)
To display the secure MAC address table:
Switch# show port-security address - lists all the learned MAC addresses by interface
Switch# show port-security interface fa0/1 - shows the detailed port security settings for an interface, including enable/disable status
To clear the violation on the port, issue the following command:
Switch# clear port-security sticky interface fa0/0 (choose the down interface)
and then issue the commands "shut" and "no shut" on the interface that has been put in down/down state due to the port-security violation.
***pls rate if it helps***
Thanks
Tharsan
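An added example, not part of the thread: a Python helper that parses `show port-security address` output and reports which other port still holds a moved PC's MAC as a secure address, and whether aging will release it. The sample table, its column layout and the function names are constructed assumptions for illustration.

```python
import re

# Constructed sample of `show port-security address` output (not from the thread).
SAMPLE = """\
          Secure Mac Address Table
-------------------------------------------------------------------
Vlan    Mac Address       Type                Ports   Remaining Age
                                                         (mins)
----    -----------       ----                -----   -------------
  10    0011.2233.4455    SecureDynamic       Fa0/1        -
  10    00aa.bbcc.ddee    SecureDynamic       Fa0/2        1 (I)
  10    0050.56c0.0008    SecureSticky        Fa0/3        -
-------------------------------------------------------------------
"""

# One table row: VLAN, dotted MAC, entry type, port, remaining age ("-" = no aging).
ROW = re.compile(r"^\s*(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+"
                 r"(Secure\w+)\s+(\S+)\s+(.+?)\s*$", re.I)

def normalize_mac(mac):
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-... or aabb.ccdd.eeff; return dotted form."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))

def parse_secure_table(text):
    """Return one dict per secure-address row; header and rule lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            vlan, mac, kind, port, age = m.groups()
            rows.append({"vlan": int(vlan), "mac": mac.lower(),
                         "type": kind, "port": port, "age": age})
    return rows

def stale_bindings(text, mac, new_port):
    """Ports other than new_port that still hold `mac` as a secure address."""
    mac, found = normalize_mac(mac), []
    for r in parse_secure_table(text):
        if r["mac"] != mac or r["port"].lower() == new_port.lower():
            continue
        minutes = re.match(r"\d+", r["age"])
        # "(I)" marks inactivity aging; a bare number is absolute aging.
        aging = "none" if not minutes else ("inactivity" if "(I)" in r["age"] else "absolute")
        found.append({"port": r["port"], "type": r["type"], "aging": aging,
                      "minutes_left": int(minutes.group()) if minutes else None})
    return found
```

An entry reported with aging `none` is the case from the original question: the MAC stays secured on the old port, so the PC is treated as a violation on the new one until the address is cleared or aging is configured.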