cat 3550 & 4506 port-security

Aug 29th, 2006

I have 15 clusters of 3 x 3550s and 3 x 4506s with port-security configured on all access ports. Every day I experience random port lockouts, again on random switches, due to err-disable. Reason: switch seen MAC address 5258.5f55.55.c5 or address e8be.5bd3.5558 on port? The times indicate that this happens when clients either log on or log off. We have updated all drivers on the clients, which are a mix of Dells and Compaqs. Has anyone come across this behaviour before? Port config attached.

interface FastEthernet0/1
 switchport access vlan 11
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 000b.db43.a5e5
 no ip address
 spanning-tree portfast

Prashanth Krishnappa (Cisco Employee), Tue, 08/29/2006 - 05:27

Check to see if the ports are seeing any errors. We had a bug in 3550s (CSCef15178) due to which MAC learning would occur on frames with bad CRC and lead to port-security violations. This is a hardware limitation not fixed in any IOS, but there are a couple of workarounds you could use.


Configure

1) switchport port-security violation protect

or

2) switchport port-security violation restrict

on the secure ports. Then the ports would not shut down when they receive a garbled packet.


PS: Remember to rate useful posts.
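
The error check suggested in the reply above, sketched as an added example that is not part of the original thread: it pairs port-security violation messages with the CRC counter of the same interface. The log lines, the `show interfaces` excerpt, the MAC addresses and the "non-zero CRC means suspect" rule are constructed assumptions for illustration.

```python
import re
# Constructed sample data (not from the thread), in the usual IOS message layout.
SYSLOG = """\
Aug 29 08:01:12: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0200.5e00.53a1 on port FastEthernet0/1.
Aug 29 08:01:12: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/1, putting Fa0/1 in err-disable state
Aug 29 17:30:44: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0200.5e00.53b2 on port FastEthernet0/7.
"""
SHOW_INTERFACES = """\
FastEthernet0/1 is down, line protocol is down (err-disabled)
     214 input errors, 198 CRC, 16 frame, 0 overrun, 0 ignored
FastEthernet0/7 is up, line protocol is up (connected)
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
"""

VIOLATION = re.compile(
    r"%PORT_SECURITY-2-PSECURE_VIOLATION:.*?MAC address "
    r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}) on port (\S+?)\.?$", re.I)
IFACE = re.compile(r"^(\S+) is .*line protocol is")
CRC = re.compile(r"(\d+) input errors, (\d+) CRC")

def violations(syslog):
    """Map port -> list of offending MACs seen in violation messages."""
    seen = {}
    for line in syslog.splitlines():
        m = VIOLATION.search(line)
        if m:
            seen.setdefault(m.group(2), []).append(m.group(1).lower())
    return seen

def crc_counts(show_output):
    """Map interface -> CRC error counter from 'show interfaces' text."""
    counts, current = {}, None
    for line in show_output.splitlines():
        head = IFACE.match(line)
        if head:
            current = head.group(1)
        elif current and (m := CRC.search(line)):
            counts[current] = int(m.group(2))
    return counts

def triage(syslog, show_output):
    """Assumed heuristic: a violating port with CRC errors fits the bad-CRC case."""
    crc = crc_counts(show_output)
    return {port: {"macs": macs, "crc": crc.get(port, 0), "suspect": crc.get(port, 0) > 0}
            for port, macs in violations(syslog).items()}

if __name__ == "__main__":
    print(triage(SYSLOG, SHOW_INTERFACES))
```

A violating port with a clean CRC counter, like the second one in the sample, is left unflagged so it can be investigated as a genuine unknown MAC.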

j.lipsett Tue, 08/29/2006 - 05:59

Thanks prkrishn for getting back so quick.

I will try some with the restrict, as this will send a trap when a violation occurs. With this option packets are only dropped for the unknown address. Nice one.


Regards


John
