cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
126944
Views
5
Helpful
7
Replies

Disable port security

samychihi21
Level 1
Level 1

Good morning every body :-)

i need your help;

i activated the port security in my packet tracer, and now this is what i have:

Switch#show port-security int fast 0/3

Port Security              : Enabled

Port Status                : Secure-up

Violation Mode             : Shutdown

Aging Time                 : 0 mins

Aging Type                 : Absolute

SecureStatic Address Aging : Disabled

Maximum MAC Addresses      : 1

Total MAC Addresses        : 1

Configured MAC Addresses   : 1

Sticky MAC Addresses       : 0

Last Source Address:Vlan   : 00D0.D3D1.3B86:1

Security Violation Count   : 0

actually i have 2 problems

1-i want desable port security

2-Sticky mac addresses is working fine after configuration, but it show always 0 except if i change Maximum MAC Addresses; is-it normal, or i made a mistake.

thank you very much for your help.

i'm new in cisco switching so i appreciate so much your help :-)

Regards.

4 Accepted Solutions

Accepted Solutions

Reza Sharifi
Hall of Fame
Hall of Fame

Hi Samy,

If you want to delete port security just login via cli and under that specific port do the following:

no switchport port-security maximum

no  switchport port-security mac-address sticky

no switchport port-security

HTH

Reza

View solution in original post

Ganesh Hariharan
VIP Alumni
VIP Alumni

Good morning every body :-)

i need your help;

i activated the port security in my packet tracer, and now this is what i have:

Switch#show port-security int fast 0/3

Port Security              : Enabled

Port Status                : Secure-up

Violation Mode             : Shutdown

Aging Time                 : 0 mins

Aging Type                 : Absolute

SecureStatic Address Aging : Disabled

Maximum MAC Addresses      : 1

Total MAC Addresses        : 1

Configured MAC Addresses   : 1

Sticky MAC Addresses       : 0

Last Source Address:Vlan   : 00D0.D3D1.3B86:1

Security Violation Count   : 0

actually i have 2 problems

1-i want desable port security

2-Sticky mac addresses is working fine after configuration, but it show always 0 except if i change Maximum MAC Addresses; is-it normal, or i made a mistake.

thank you very much for your help.

i'm new in cisco switching so i appreciate so much your help :-)

Regards.

Hi,

To disable port security on an interface, use the no form of this command.

switchport port-security
no switchport port-security

http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_s6.html

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

View solution in original post

Hitesh Vinzoda
Level 4
Level 4

Hi,

You can disable the port-security as suggested by Reza or Ganesh, The answer related to your 2nd question is as below

Switch#show port-security int fast 0/3

Port Security              : Enabled

Port Status                : Secure-up

Violation Mode             : Shutdown

Aging Time                 : 0 mins

Aging Type                 : Absolute

SecureStatic Address Aging : Disabled

Maximum MAC Addresses      : 1

Total MAC Addresses        : 1

Configured MAC Addresses   : 1                         >> This should be "0"

Sticky MAC Addresses       : 0                              >> This should be "1"

Last Source Address:Vlan   : 00D0.D3D1.3B86:1

Security Violation Count   : 0

As you haven't configured the mac address it should be 0

also the mac address learned is via sticky so it should be 1

If you have configured sticky and port security is enabled than you are good to go. I think its problem with the packet tracert SIM.

View solution in original post

Hello every body, thanks for your help :-)

As you can see bellow

Switch#show port-security int fast 0/3
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1

Last Source Address:Vlan   : 00D0.D3D1.3B86:1
Security Violation Count   : 0

after that i checked if i can remove the security-port and it is not working for port-security sticky

*Please see below and advice

Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#int fast 0/3
Switch(config-if)#no switchport port-security maximum
Switch(config-if)#no switchport port-security mac-address sticky
Switch(config-if)#no switchport port-security
Switch(config-if)#^Z
%SYS-5-CONFIG_I: Configured from console by console
Switch#
Switch#
Switch#
Switch#show port-security int fast 0/3
Port Security              : Disabled
Port Status                : Secure-down
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1   => should be 0
Total MAC Addresses        : 0
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1    =>should be 0
Last Source Address:Vlan   : 00D0.D3D1.3B86:1
Security Violation Count   : 0

Switch#

Thanks in advance

Hi Samy,

If you disable sticky learning by using the no switchport port-security mac-address sticky interface configuration command or the running configuration is removed, the sticky secure MAC addresses remain part of the running configuration but are removed from the address table. The addresses that were removed can be dynamically reconfigured and added to the address table as dynamic addresses.Without the sticky option, the mac-address association goes away after a specified period of time.

When you configure sticky secure MAC addresses by using the switchport port-security mac-address sticky mac-address interface configuration command, these addresses are added to the address table and the running configuration. If port security is disabled, the sticky secure MAC addresses remain in the running configuration.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_37_se/command/reference/cli3.html#wp1948361

Hope to Help !!

Ganesh.H

View solution in original post

7 Replies 7

Reza Sharifi
Hall of Fame
Hall of Fame

Hi Samy,

If you want to delete port security just login via cli and under that specific port do the following:

no switchport port-security maximum

no  switchport port-security mac-address sticky

no switchport port-security

HTH

Reza

Ganesh Hariharan
VIP Alumni
VIP Alumni

Good morning every body :-)

i need your help;

i activated the port security in my packet tracer, and now this is what i have:

Switch#show port-security int fast 0/3

Port Security              : Enabled

Port Status                : Secure-up

Violation Mode             : Shutdown

Aging Time                 : 0 mins

Aging Type                 : Absolute

SecureStatic Address Aging : Disabled

Maximum MAC Addresses      : 1

Total MAC Addresses        : 1

Configured MAC Addresses   : 1

Sticky MAC Addresses       : 0

Last Source Address:Vlan   : 00D0.D3D1.3B86:1

Security Violation Count   : 0

actually i have 2 problems

1-i want desable port security

2-Sticky mac addresses is working fine after configuration, but it show always 0 except if i change Maximum MAC Addresses; is-it normal, or i made a mistake.

thank you very much for your help.

i'm new in cisco switching so i appreciate so much your help :-)

Regards.

Hi,

To disable port security on an interface, use the no form of this command.

switchport port-security
no switchport port-security

http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_s6.html

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

Hitesh Vinzoda
Level 4
Level 4

Hi,

You can disable the port-security as suggested by Reza or Ganesh, The answer related to your 2nd question is as below

Switch#show port-security int fast 0/3

Port Security              : Enabled

Port Status                : Secure-up

Violation Mode             : Shutdown

Aging Time                 : 0 mins

Aging Type                 : Absolute

SecureStatic Address Aging : Disabled

Maximum MAC Addresses      : 1

Total MAC Addresses        : 1

Configured MAC Addresses   : 1                         >> This should be "0"

Sticky MAC Addresses       : 0                              >> This should be "1"

Last Source Address:Vlan   : 00D0.D3D1.3B86:1

Security Violation Count   : 0

As you haven't configured the mac address it should be 0

also the mac address learned is via sticky so it should be 1

If you have configured sticky and port security is enabled than you are good to go. I think its problem with the packet tracert SIM.

Thank you very much for your help,

i will check that to nif=ght at  home

@ Ganesh from TATA

happy to see your message, i always reply to your messages from Telecom italia sparkle :-)

Hello every body, thanks for your help :-)

As you can see bellow

Switch#show port-security int fast 0/3
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1

Last Source Address:Vlan   : 00D0.D3D1.3B86:1
Security Violation Count   : 0

after that i checked if i can remove the security-port and it is not working for port-security sticky

*Please see below and advice

Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#int fast 0/3
Switch(config-if)#no switchport port-security maximum
Switch(config-if)#no switchport port-security mac-address sticky
Switch(config-if)#no switchport port-security
Switch(config-if)#^Z
%SYS-5-CONFIG_I: Configured from console by console
Switch#
Switch#
Switch#
Switch#show port-security int fast 0/3
Port Security              : Disabled
Port Status                : Secure-down
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1   => should be 0
Total MAC Addresses        : 0
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1    =>should be 0
Last Source Address:Vlan   : 00D0.D3D1.3B86:1
Security Violation Count   : 0

Switch#

Thanks in advance

Hello every body, thanks for your help :-)

As you can see bellow

Switch#show port-security int fast 0/3
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1

Last Source Address:Vlan   : 00D0.D3D1.3B86:1
Security Violation Count   : 0

after that i checked if i can remove the security-port and it is not working for port-security sticky

*Please see below and advice

Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#int fast 0/3
Switch(config-if)#no switchport port-security maximum
Switch(config-if)#no switchport port-security mac-address sticky
Switch(config-if)#no switchport port-security
Switch(config-if)#^Z
%SYS-5-CONFIG_I: Configured from console by console
Switch#
Switch#
Switch#
Switch#show port-security int fast 0/3
Port Security              : Disabled
Port Status                : Secure-down
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1   => should be 0
Total MAC Addresses        : 0
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1    =>should be 0
Last Source Address:Vlan   : 00D0.D3D1.3B86:1
Security Violation Count   : 0

Switch#

Thanks in advance

Hi Samy,

If you disable sticky learning by using the no switchport port-security mac-address sticky interface configuration command or the running configuration is removed, the sticky secure MAC addresses remain part of the running configuration but are removed from the address table. The addresses that were removed can be dynamically reconfigured and added to the address table as dynamic addresses.Without the sticky option, the mac-address association goes away after a specified period of time.

When you configure sticky secure MAC addresses by using the switchport port-security mac-address sticky mac-address interface configuration command, these addresses are added to the address table and the running configuration. If port security is disabled, the sticky secure MAC addresses remain in the running configuration.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_37_se/command/reference/cli3.html#wp1948361

Hope to Help !!

Ganesh.H

Dear Ganesh;

Thank you very much for your answer.

You are really helpful :-)

Regards

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco