Disable port security

Answered Question
Jun 13th, 2010
User Badges:

Good morning every body :-)

i need your help;

i activated the port security in my packet tracer, and now this is what i have:



Switch#show port-security int fast 0/3

Port Security              : Enabled

Port Status                : Secure-up

Violation Mode             : Shutdown

Aging Time                 : 0 mins

Aging Type                 : Absolute

SecureStatic Address Aging : Disabled

Maximum MAC Addresses      : 1

Total MAC Addresses        : 1

Configured MAC Addresses   : 1

Sticky MAC Addresses       : 0

Last Source Address:Vlan   : 00D0.D3D1.3B86:1

Security Violation Count   : 0




actually i have 2 problems

1-i want desable port security

2-Sticky mac addresses is working fine after configuration, but it show always 0 except if i change Maximum MAC Addresses; is-it normal, or i made a mistake.

thank you very much for your help.

i'm new in cisco switching so i appreciate so much your help :-)

Regards.

Correct Answer by Ganesh Hariharan about 6 years 9 months ago

Hello every body, thanks for your help :-)


As you can see bellow


Switch#show port-security int fast 0/3
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1

Last Source Address:Vlan   : 00D0.D3D1.3B86:1
Security Violation Count   : 0



after that i checked if i can remove the security-port and it is not working for port-security sticky


*Please see below and advice




Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#int fast 0/3
Switch(config-if)#no switchport port-security maximum
Switch(config-if)#no switchport port-security mac-address sticky
Switch(config-if)#no switchport port-security
Switch(config-if)#^Z
%SYS-5-CONFIG_I: Configured from console by console
Switch#
Switch#
Switch#
Switch#show port-security int fast 0/3
Port Security              : Disabled
Port Status                : Secure-down
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1   => should be 0
Total MAC Addresses        : 0
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1    =>should be 0
Last Source Address:Vlan   : 00D0.D3D1.3B86:1
Security Violation Count   : 0


Switch#




Thanks in advance


Hi Samy,


If you disable sticky learning by using the no switchport port-security mac-address sticky interface configuration command or the running configuration is removed, the sticky secure MAC addresses remain part of the running configuration but are removed from the address table. The addresses that were removed can be dynamically reconfigured and added to the address table as dynamic addresses.Without the sticky option, the mac-address association goes away after a specified period of time.


When you configure sticky secure MAC addresses by using the switchport port-security mac-address sticky mac-address interface configuration command, these addresses are added to the address table and the running configuration. If port security is disabled, the sticky secure MAC addresses remain in the running configuration.


http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_37_se/command/reference/cli3.html#wp1948361


Hope to Help !!


Ganesh.H

Correct Answer by Hitesh Vinzoda about 6 years 9 months ago

Hi,


You can disable the port-security as suggested by Reza or Ganesh, The answer related to your 2nd question is as below


Switch#show port-security int fast 0/3

Port Security              : Enabled

Port Status                : Secure-up

Violation Mode             : Shutdown

Aging Time                 : 0 mins

Aging Type                 : Absolute

SecureStatic Address Aging : Disabled

Maximum MAC Addresses      : 1

Total MAC Addresses        : 1

Configured MAC Addresses   : 1                         >> This should be "0"

Sticky MAC Addresses       : 0                              >> This should be "1"

Last Source Address:Vlan   : 00D0.D3D1.3B86:1

Security Violation Count   : 0


As you haven't configured the mac address it should be 0

also the mac address learned is via sticky so it should be 1


If you have configured sticky and port security is enabled than you are good to go. I think its problem with the packet tracert SIM.

Correct Answer by Ganesh Hariharan about 6 years 9 months ago

Good morning every body :-)

i need your help;

i activated the port security in my packet tracer, and now this is what i have:



Switch#show port-security int fast 0/3

Port Security              : Enabled

Port Status                : Secure-up

Violation Mode             : Shutdown

Aging Time                 : 0 mins

Aging Type                 : Absolute

SecureStatic Address Aging : Disabled

Maximum MAC Addresses      : 1

Total MAC Addresses        : 1

Configured MAC Addresses   : 1

Sticky MAC Addresses       : 0

Last Source Address:Vlan   : 00D0.D3D1.3B86:1

Security Violation Count   : 0




actually i have 2 problems

1-i want desable port security

2-Sticky mac addresses is working fine after configuration, but it show always 0 except if i change Maximum MAC Addresses; is-it normal, or i made a mistake.

thank you very much for your help.

i'm new in cisco switching so i appreciate so much your help :-)

Regards.

Hi,


To disable port security on an interface, use the no form of this command.


switchport port-security
no switchport port-security


http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_s6.html


Hope to Help !!


Ganesh.H


Remember to rate the helpful post

Correct Answer by Reza Sharifi about 6 years 9 months ago

Hi Samy,


If you want to delete port security just login via cli and under that specific port do the following:


no switchport port-security maximum

no  switchport port-security mac-address sticky

no switchport port-security


HTH

Reza

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (4 ratings)
Loading.
Correct Answer
Reza Sharifi Sun, 06/13/2010 - 20:34
User Badges:
  • Super Bronze, 10000 points or more
  • Cisco Designated VIP,

    2017 LAN

Hi Samy,


If you want to delete port security just login via cli and under that specific port do the following:


no switchport port-security maximum

no  switchport port-security mac-address sticky

no switchport port-security


HTH

Reza

Correct Answer
Ganesh Hariharan Mon, 06/14/2010 - 02:10
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Member's Choice, February 2016

Good morning every body :-)

i need your help;

i activated the port security in my packet tracer, and now this is what i have:



Switch#show port-security int fast 0/3

Port Security              : Enabled

Port Status                : Secure-up

Violation Mode             : Shutdown

Aging Time                 : 0 mins

Aging Type                 : Absolute

SecureStatic Address Aging : Disabled

Maximum MAC Addresses      : 1

Total MAC Addresses        : 1

Configured MAC Addresses   : 1

Sticky MAC Addresses       : 0

Last Source Address:Vlan   : 00D0.D3D1.3B86:1

Security Violation Count   : 0




actually i have 2 problems

1-i want desable port security

2-Sticky mac addresses is working fine after configuration, but it show always 0 except if i change Maximum MAC Addresses; is-it normal, or i made a mistake.

thank you very much for your help.

i'm new in cisco switching so i appreciate so much your help :-)

Regards.

Hi,


To disable port security on an interface, use the no form of this command.


switchport port-security
no switchport port-security


http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_s6.html


Hope to Help !!


Ganesh.H


Remember to rate the helpful post

Correct Answer
Hitesh Vinzoda Mon, 06/14/2010 - 03:07
User Badges:
  • Silver, 250 points or more

Hi,


You can disable the port-security as suggested by Reza or Ganesh, The answer related to your 2nd question is as below


Switch#show port-security int fast 0/3

Port Security              : Enabled

Port Status                : Secure-up

Violation Mode             : Shutdown

Aging Time                 : 0 mins

Aging Type                 : Absolute

SecureStatic Address Aging : Disabled

Maximum MAC Addresses      : 1

Total MAC Addresses        : 1

Configured MAC Addresses   : 1                         >> This should be "0"

Sticky MAC Addresses       : 0                              >> This should be "1"

Last Source Address:Vlan   : 00D0.D3D1.3B86:1

Security Violation Count   : 0


As you haven't configured the mac address it should be 0

also the mac address learned is via sticky so it should be 1


If you have configured sticky and port security is enabled than you are good to go. I think its problem with the packet tracert SIM.

samychihi21 Mon, 06/14/2010 - 12:00
User Badges:

Thank you very much for your help,

i will check that to nif=ght at  home

@ Ganesh from TATA

happy to see your message, i always reply to your messages from Telecom italia sparkle :-)

samychihi21 Tue, 06/15/2010 - 09:29
User Badges:

Hello every body, thanks for your help :-)


As you can see bellow


Switch#show port-security int fast 0/3
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1

Last Source Address:Vlan   : 00D0.D3D1.3B86:1
Security Violation Count   : 0



after that i checked if i can remove the security-port and it is not working for port-security sticky


*Please see below and advice




Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#int fast 0/3
Switch(config-if)#no switchport port-security maximum
Switch(config-if)#no switchport port-security mac-address sticky
Switch(config-if)#no switchport port-security
Switch(config-if)#^Z
%SYS-5-CONFIG_I: Configured from console by console
Switch#
Switch#
Switch#
Switch#show port-security int fast 0/3
Port Security              : Disabled
Port Status                : Secure-down
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1   => should be 0
Total MAC Addresses        : 0
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1    =>should be 0
Last Source Address:Vlan   : 00D0.D3D1.3B86:1
Security Violation Count   : 0


Switch#




Thanks in advance

Correct Answer
Ganesh Hariharan Wed, 06/16/2010 - 08:05
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Member's Choice, February 2016

Hello every body, thanks for your help :-)


As you can see bellow


Switch#show port-security int fast 0/3
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1

Last Source Address:Vlan   : 00D0.D3D1.3B86:1
Security Violation Count   : 0



after that i checked if i can remove the security-port and it is not working for port-security sticky


*Please see below and advice




Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#int fast 0/3
Switch(config-if)#no switchport port-security maximum
Switch(config-if)#no switchport port-security mac-address sticky
Switch(config-if)#no switchport port-security
Switch(config-if)#^Z
%SYS-5-CONFIG_I: Configured from console by console
Switch#
Switch#
Switch#
Switch#show port-security int fast 0/3
Port Security              : Disabled
Port Status                : Secure-down
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1   => should be 0
Total MAC Addresses        : 0
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1    =>should be 0
Last Source Address:Vlan   : 00D0.D3D1.3B86:1
Security Violation Count   : 0


Switch#




Thanks in advance


Hi Samy,


If you disable sticky learning by using the no switchport port-security mac-address sticky interface configuration command or the running configuration is removed, the sticky secure MAC addresses remain part of the running configuration but are removed from the address table. The addresses that were removed can be dynamically reconfigured and added to the address table as dynamic addresses.Without the sticky option, the mac-address association goes away after a specified period of time.


When you configure sticky secure MAC addresses by using the switchport port-security mac-address sticky mac-address interface configuration command, these addresses are added to the address table and the running configuration. If port security is disabled, the sticky secure MAC addresses remain in the running configuration.


http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_37_se/command/reference/cli3.html#wp1948361


Hope to Help !!


Ganesh.H

samychihi21 Wed, 06/16/2010 - 20:16
User Badges:

Dear Ganesh;

Thank you very much for your answer.

You are really helpful :-)


Regards

Actions

This Discussion