Disable port security

Answered Question
Jun 13th, 2010

Good morning every body :-)

i need your help;

i activated the port security in my packet tracer, and now this is what i have:

Switch#show port-security int fast 0/3

Port Security              : Enabled

Port Status                : Secure-up

Violation Mode             : Shutdown

Aging Time                 : 0 mins

Aging Type                 : Absolute

SecureStatic Address Aging : Disabled

Maximum MAC Addresses      : 1

Total MAC Addresses        : 1

Configured MAC Addresses   : 1

Sticky MAC Addresses       : 0

Last Source Address:Vlan   : 00D0.D3D1.3B86:1

Security Violation Count   : 0

actually i have 2 problems

1-i want desable port security

2-Sticky mac addresses is working fine after configuration, but it show always 0 except if i change Maximum MAC Addresses; is-it normal, or i made a mistake.

thank you very much for your help.

i'm new in cisco switching so i appreciate so much your help :-)

Regards.

I have this problem too.
0 votes
Correct Answer by ganeshh.iyer about 4 years 8 months ago

Hello every body, thanks for your help :-)

As you can see bellow

Switch#show port-security int fast 0/3
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1

Last Source Address:Vlan   : 00D0.D3D1.3B86:1
Security Violation Count   : 0

after that i checked if i can remove the security-port and it is not working for port-security sticky

*Please see below and advice

Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#int fast 0/3
Switch(config-if)#no switchport port-security maximum
Switch(config-if)#no switchport port-security mac-address sticky
Switch(config-if)#no switchport port-security
Switch(config-if)#^Z
%SYS-5-CONFIG_I: Configured from console by console
Switch#
Switch#
Switch#
Switch#show port-security int fast 0/3
Port Security              : Disabled
Port Status                : Secure-down
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1   => should be 0
Total MAC Addresses        : 0
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1    =>should be 0
Last Source Address:Vlan   : 00D0.D3D1.3B86:1
Security Violation Count   : 0

Switch#

Thanks in advance

Hi Samy,

If you disable sticky learning by using the no switchport port-security mac-address sticky interface configuration command or the running configuration is removed, the sticky secure MAC addresses remain part of the running configuration but are removed from the address table. The addresses that were removed can be dynamically reconfigured and added to the address table as dynamic addresses.Without the sticky option, the mac-address association goes away after a specified period of time.

When you configure sticky secure MAC addresses by using the switchport port-security mac-address sticky mac-address interface configuration command, these addresses are added to the address table and the running configuration. If port security is disabled, the sticky secure MAC addresses remain in the running configuration.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_37_se/command/reference/cli3.html#wp1948361

Hope to Help !!

Ganesh.H

Correct Answer by Hitesh Vinzoda about 4 years 8 months ago

Hi,

You can disable the port-security as suggested by Reza or Ganesh, The answer related to your 2nd question is as below

Switch#show port-security int fast 0/3

Port Security              : Enabled

Port Status                : Secure-up

Violation Mode             : Shutdown

Aging Time                 : 0 mins

Aging Type                 : Absolute

SecureStatic Address Aging : Disabled

Maximum MAC Addresses      : 1

Total MAC Addresses        : 1

Configured MAC Addresses   : 1                         >> This should be "0"

Sticky MAC Addresses       : 0                              >> This should be "1"

Last Source Address:Vlan   : 00D0.D3D1.3B86:1

Security Violation Count   : 0

As you haven't configured the mac address it should be 0

also the mac address learned is via sticky so it should be 1

If you have configured sticky and port security is enabled than you are good to go. I think its problem with the packet tracert SIM.

Correct Answer by ganeshh.iyer about 4 years 8 months ago

Good morning every body :-)

i need your help;

i activated the port security in my packet tracer, and now this is what i have:

Switch#show port-security int fast 0/3

Port Security              : Enabled

Port Status                : Secure-up

Violation Mode             : Shutdown

Aging Time                 : 0 mins

Aging Type                 : Absolute

SecureStatic Address Aging : Disabled

Maximum MAC Addresses      : 1

Total MAC Addresses        : 1

Configured MAC Addresses   : 1

Sticky MAC Addresses       : 0

Last Source Address:Vlan   : 00D0.D3D1.3B86:1

Security Violation Count   : 0

actually i have 2 problems

1-i want desable port security

2-Sticky mac addresses is working fine after configuration, but it show always 0 except if i change Maximum MAC Addresses; is-it normal, or i made a mistake.

thank you very much for your help.

i'm new in cisco switching so i appreciate so much your help :-)

Regards.

Hi,

To disable port security on an interface, use the no form of this command.

switchport port-security
no switchport port-security

http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_s6.html

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

Correct Answer by Reza Sharifi about 4 years 8 months ago

Hi Samy,

If you want to delete port security just login via cli and under that specific port do the following:

no switchport port-security maximum

no  switchport port-security mac-address sticky

no switchport port-security

HTH

Reza

  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 5 (4 ratings)
Correct Answer
Reza Sharifi Sun, 06/13/2010 - 20:34

Hi Samy,

If you want to delete port security just login via cli and under that specific port do the following:

no switchport port-security maximum

no  switchport port-security mac-address sticky

no switchport port-security

HTH

Reza

Correct Answer
ganeshh.iyer Mon, 06/14/2010 - 02:10

Good morning every body :-)

i need your help;

i activated the port security in my packet tracer, and now this is what i have:

Switch#show port-security int fast 0/3

Port Security              : Enabled

Port Status                : Secure-up

Violation Mode             : Shutdown

Aging Time                 : 0 mins

Aging Type                 : Absolute

SecureStatic Address Aging : Disabled

Maximum MAC Addresses      : 1

Total MAC Addresses        : 1

Configured MAC Addresses   : 1

Sticky MAC Addresses       : 0

Last Source Address:Vlan   : 00D0.D3D1.3B86:1

Security Violation Count   : 0

actually i have 2 problems

1-i want desable port security

2-Sticky mac addresses is working fine after configuration, but it show always 0 except if i change Maximum MAC Addresses; is-it normal, or i made a mistake.

thank you very much for your help.

i'm new in cisco switching so i appreciate so much your help :-)

Regards.

Hi,

To disable port security on an interface, use the no form of this command.

switchport port-security
no switchport port-security

http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_s6.html

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

Correct Answer
Hitesh Vinzoda Mon, 06/14/2010 - 03:07

Hi,

You can disable the port-security as suggested by Reza or Ganesh, The answer related to your 2nd question is as below

Switch#show port-security int fast 0/3

Port Security              : Enabled

Port Status                : Secure-up

Violation Mode             : Shutdown

Aging Time                 : 0 mins

Aging Type                 : Absolute

SecureStatic Address Aging : Disabled

Maximum MAC Addresses      : 1

Total MAC Addresses        : 1

Configured MAC Addresses   : 1                         >> This should be "0"

Sticky MAC Addresses       : 0                              >> This should be "1"

Last Source Address:Vlan   : 00D0.D3D1.3B86:1

Security Violation Count   : 0

As you haven't configured the mac address it should be 0

also the mac address learned is via sticky so it should be 1

If you have configured sticky and port security is enabled than you are good to go. I think its problem with the packet tracert SIM.

samychihi21 Mon, 06/14/2010 - 12:00

Thank you very much for your help,

i will check that to nif=ght at  home

@ Ganesh from TATA

happy to see your message, i always reply to your messages from Telecom italia sparkle :-)

samychihi21 Tue, 06/15/2010 - 09:29

Hello every body, thanks for your help :-)

As you can see bellow

Switch#show port-security int fast 0/3
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1

Last Source Address:Vlan   : 00D0.D3D1.3B86:1
Security Violation Count   : 0

after that i checked if i can remove the security-port and it is not working for port-security sticky

*Please see below and advice

Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#int fast 0/3
Switch(config-if)#no switchport port-security maximum
Switch(config-if)#no switchport port-security mac-address sticky
Switch(config-if)#no switchport port-security
Switch(config-if)#^Z
%SYS-5-CONFIG_I: Configured from console by console
Switch#
Switch#
Switch#
Switch#show port-security int fast 0/3
Port Security              : Disabled
Port Status                : Secure-down
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1   => should be 0
Total MAC Addresses        : 0
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1    =>should be 0
Last Source Address:Vlan   : 00D0.D3D1.3B86:1
Security Violation Count   : 0

Switch#

Thanks in advance

Correct Answer
ganeshh.iyer Wed, 06/16/2010 - 08:05

Hello every body, thanks for your help :-)

As you can see bellow

Switch#show port-security int fast 0/3
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1

Last Source Address:Vlan   : 00D0.D3D1.3B86:1
Security Violation Count   : 0

after that i checked if i can remove the security-port and it is not working for port-security sticky

*Please see below and advice

Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#int fast 0/3
Switch(config-if)#no switchport port-security maximum
Switch(config-if)#no switchport port-security mac-address sticky
Switch(config-if)#no switchport port-security
Switch(config-if)#^Z
%SYS-5-CONFIG_I: Configured from console by console
Switch#
Switch#
Switch#
Switch#show port-security int fast 0/3
Port Security              : Disabled
Port Status                : Secure-down
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1   => should be 0
Total MAC Addresses        : 0
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1    =>should be 0
Last Source Address:Vlan   : 00D0.D3D1.3B86:1
Security Violation Count   : 0

Switch#

Thanks in advance

Hi Samy,

If you disable sticky learning by using the no switchport port-security mac-address sticky interface configuration command or the running configuration is removed, the sticky secure MAC addresses remain part of the running configuration but are removed from the address table. The addresses that were removed can be dynamically reconfigured and added to the address table as dynamic addresses.Without the sticky option, the mac-address association goes away after a specified period of time.

When you configure sticky secure MAC addresses by using the switchport port-security mac-address sticky mac-address interface configuration command, these addresses are added to the address table and the running configuration. If port security is disabled, the sticky secure MAC addresses remain in the running configuration.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_37_se/command/reference/cli3.html#wp1948361

Hope to Help !!

Ganesh.H

samychihi21 Wed, 06/16/2010 - 20:16

Dear Ganesh;

Thank you very much for your answer.

You are really helpful :-)

Regards

Actions

Login or Register to take actions

This Discussion

Posted June 13, 2010 at 7:00 PM
Stats:
Replies:7 Avg. Rating:5
Views:13990 Votes:0
Shares:0
Tags: No tags.
 

Discussions Leaderboard

Rank Username Points
1 16,069
2 9,198
3 8,197
4 7,552
5 7,538