cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
813
Views
0
Helpful
4
Replies

Enabling port security on C4507R shuts down port

japonte
Level 1
Level 1

I'm trying to enable port security on several 4507R's. When I try to configure a range of ports the switch will randomly put 1 or 2 in err-disable.  It's different every time I apply the config to the same group of ports.  However if I do them one at a time it seems to work.  But I really don't want to configure 6 fully populated switches one port at a time.   We also have a lot of 3750's and they gave me no problem using a port range.

Here is the config I'm trying to configure

 

switchport port-security

switchport port-security maximum 2

switchport port-security aging time 1

switchport port-security aging type inactivity

  

The IOS version is. 12.2(25)EWA8

1 Accepted Solution

Accepted Solutions

Benjamin Kools
Level 1
Level 1

Try rearranging the order in which you put the commands in. Put "switchport port-security" in last, as immediately when you enter this command, port security is enabled with the default maximum of 1 mac address per interface. If a port has two hosts on it before the next command setting the maximum to 2 is entered, it will get disabled.

Another option is to temporarily enable error disable recovery:

errdisable recovery cause psecure-violation

errdisbale recovery interval 'seconds'

Sent from Cisco Technical Support iPad App

View solution in original post

4 Replies 4

Benjamin Kools
Level 1
Level 1

Try rearranging the order in which you put the commands in. Put "switchport port-security" in last, as immediately when you enter this command, port security is enabled with the default maximum of 1 mac address per interface. If a port has two hosts on it before the next command setting the maximum to 2 is entered, it will get disabled.

Another option is to temporarily enable error disable recovery:

errdisable recovery cause psecure-violation

errdisbale recovery interval 'seconds'

Sent from Cisco Technical Support iPad App

Thanks.  I'll try that tonigh and let you know.

Hi,

Make sure the ports you're trying to configure are access ports (switchport mode access).

Sent from Cisco Technical Support iPhone App

That did the trick.  I put switchport port-security at the bottom and when I applied it to ranges no ports went int err-disable.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: