New Member

4900 switches and port-security

Hi,

We are facing a strange situation with port-security on a 4948-10G switch (ipbase-12.2.53SG).

Port config:

!

interface GigabitEthernet1/6

switchport access vlan 388

switchport mode access

switchport port-security maximum 30

switchport port-security

switchport port-security aging time 5

switchport port-security violation restrict

switchport port-security aging type inactivity

no cdp enable

spanning-tree portfast

!

With a VMware server attached to it, some MACs are not secured:

sh port-security int gi 1/6

Port Security : Enabled

Port Status : Secure-up

Violation Mode : Restrict

Aging Time : 5 mins

Aging Type : Inactivity

SecureStatic Address Aging : Disabled

Maximum MAC Addresses : 30

Total MAC Addresses : 2

Configured MAC Addresses : 0

Sticky MAC Addresses : 0

Last Source Address:Vlan : 000c.2974.9822:388

Security Violation Count : 0

sh mac- int gi 1/6

Unicast Entries

vlan mac address type protocols port

-------+---------------+--------+---------------------+--------------------

388 000c.296d.e7c8 static ip,ipx,assigned,other GigabitEthernet1/6

388 000c.2974.9822 static ip,ipx,assigned,other GigabitEthernet1/6

388 0050.5643.3731 dynamic ip GigabitEthernet1/6

Multicast Entries

vlan mac address type ports

-------+---------------+-------+--------------------------------------------

388 ffff.ffff.ffff system Gi1/5,Gi1/6,Te1/49,Te1/50

sh port-security interface gi1/6 address

Secure Mac Address Table

------------------------------------------------------------------------

Vlan Mac Address Type Ports Remaining Age

(mins)

---- ----------- ---- ----- -------------

388 000c.296d.e7c8 SecureDynamic Gi1/6 5 (I)

388 000c.2974.9822 SecureDynamic Gi1/6 5 (I)

------------------------------------------------------------------------

Total Addresses: 2

Why is 0050.5643.3731 not in the SecureDynamic state?

Btw, some other ports with the same config do not have any secured MACs at all:

sh port-security int gi 1/5

Port Security : Enabled

Port Status : Secure-up

Violation Mode : Restrict

Aging Time : 5 mins

Aging Type : Inactivity

SecureStatic Address Aging : Disabled

Maximum MAC Addresses : 30

Total MAC Addresses : 0

Configured MAC Addresses : 0

Sticky MAC Addresses : 0

Last Source Address:Vlan : 000c.29e4.8848:388

Security Violation Count : 0

sh mac- int gi 1/5

Unicast Entries

vlan mac address type protocols port

-------+---------------+--------+---------------------+--------------------

388 000c.29e4.8848 dynamic ip GigabitEthernet1/5

388 0050.5648.4cb4 dynamic ip GigabitEthernet1/5

Multicast Entries

vlan mac address type ports

-------+---------------+-------+--------------------------------------------

388 ffff.ffff.ffff system Gi1/5,Gi1/6,Te1/49,Te1/50

sh port-security interface gi1/5 address

Secure Mac Address Table

------------------------------------------------------------------------

Vlan Mac Address Type Ports Remaining Age

(mins)

---- ----------- ---- ----- -------------

------------------------------------------------------------------------

Total Addresses: 0

P.S.

All hosts are active and working all the time.

Thanks.
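An added example, not part of the original post: a Python script that cross-checks the two outputs shown above and lists MACs that are forwarding on a port but are absent from the port-security secure table. The sample text is copied from the post's Gi1/6 output; the function and variable names are hypothetical.

```python
import re

# Cisco dotted-hex MAC, e.g. 000c.2974.9822
MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
# "show mac address-table interface" unicast row: vlan, mac, static|dynamic.
# The broadcast row (type "system") is deliberately not matched.
MAC_ROW = re.compile(rf"^\s*(\d+)\s+({MAC})\s+(static|dynamic)\b", re.I | re.M)
# "show port-security interface ... address" row: vlan, mac, Secure* type
SEC_ROW = re.compile(rf"^\s*(\d+)\s+({MAC})\s+(Secure\w+)\b", re.I | re.M)

def parse(row_re, text):
    """Return {(vlan, mac): type} for every row matching row_re."""
    return {(int(v), m.lower()): t for v, m, t in row_re.findall(text)}

def unsecured_macs(mac_table_text, secure_table_text):
    """MACs in the port's MAC table that port-security is not tracking."""
    learned = parse(MAC_ROW, mac_table_text)
    secured = parse(SEC_ROW, secure_table_text)
    return sorted((vlan, mac, typ) for (vlan, mac), typ in learned.items()
                  if (vlan, mac) not in secured)

# Sample input: the Gi1/6 output from the post above
GI1_6_MAC_TABLE = """\
vlan mac address type protocols port
-------+---------------+--------+---------------------+--------------------
388 000c.296d.e7c8 static ip,ipx,assigned,other GigabitEthernet1/6
388 000c.2974.9822 static ip,ipx,assigned,other GigabitEthernet1/6
388 0050.5643.3731 dynamic ip GigabitEthernet1/6
388 ffff.ffff.ffff system Gi1/5,Gi1/6,Te1/49,Te1/50
"""
GI1_6_SECURE_TABLE = """\
Vlan Mac Address Type Ports Remaining Age
(mins)
---- ----------- ---- ----- -------------
388 000c.296d.e7c8 SecureDynamic Gi1/6 5 (I)
388 000c.2974.9822 SecureDynamic Gi1/6 5 (I)
"""

if __name__ == "__main__":
    for vlan, mac, typ in unsecured_macs(GI1_6_MAC_TABLE, GI1_6_SECURE_TABLE):
        print(f"vlan {vlan}: {mac} ({typ}) forwarding but not in secure table")
```

Run against the Gi1/5 output, the same check reports both learned MACs, since that port's secure table is empty.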

2 REPLIES
New Member

Re: 4900 switches and port-security

Can you please paste the sh log messages? Simply type: sh log.

Was this working fine and then suddenly changed? Did you carry out any changes recently?

New Member

Re: 4900 switches and port-security

First, there were some %PORT_SECURITY-2-PSECURE_VIOLATION events (due to an insufficient maximum of allowed MACs). We allowed more MACs and enabled aging.
