New Member

port-security

Hi,

I am using a 3750 stack switch configured with port-security. I have set the max MAC addresses learned to 10, but when the MAC addresses reach 3 the port is going to disable.

Please advise.

14 REPLIES

Re: port-security

Hi Naga,

What is the violation mode configured?

FYI: Set the security violation mode or the action to be taken if port security is violated. The default is shutdown.

Pls RATE if HELPS.

Best Regards,

Guru Prasad R

Re: port-security

Also make sure you hard-code it as max MAC 10.

New Member

Re: port-security

Thanks for the reply.

Yes, I have done it. Please find the conf below:

interface GigabitEthernet1/0/23
 switchport access vlan 220
 switchport mode access
 switchport voice vlan 420
 switchport port-security maximum 10
 switchport port-security
 storm-control broadcast level 20.00 15.00
 storm-control action trap
 spanning-tree portfast

Re: port-security

Did you get it working?

By the way, it doesn't matter if you make the action shutdown or errordisable; this is just an action. With error disable you can make it recover automatically after a while, while with the shutdown action you have to manually re-enable the port by issuing no shut.

Good luck.

If it helps, rate.

New Member

Re: port-security

No, I am still facing the problem: if I connect my fourth device it will go down, after changing the max MAC to 10.

Re: port-security

After changing the config and saving it, have you tried to reload it?

New Member

Re: port-security

Hi,

I didn't reload because of the live environment.

Just one clarification: will the port security changes take effect only after reloading the switch?

Re: port-security

Just out of curiosity, are any of the machines running virtual servers (VMware, Xen, etc.) in bridging mode?

Also, what is the output of your CAM?

(taken from a 3560)

SER-N>sh mac address-table | include Gi0/1
  48    0001.e62e.aa7e    STATIC      Gi0/1
  48    000d.5616.1784    STATIC      Gi0/1
  48    000d.561f.b62b    STATIC      Gi0/1
  48    000d.56ed.788b    STATIC      Gi0/1
  48    0012.3fd6.f2e9    STATIC      Gi0/1
  48    0013.726a.b640    STATIC      Gi0/1
  48    0014.22ca.1484    STATIC      Gi0/1
  48    0014.3898.3be1    STATIC      Gi0/1
  48    0015.c537.88bf    STATIC      Gi0/1
  48    0018.8ba6.d94d    STATIC      Gi0/1
  48    0018.8bb9.4b79    STATIC      Gi0/1
  48    0018.8bc9.dca8    STATIC      Gi0/1
  48    0021.70a0.ddd4    STATIC      Gi0/1
  48    0021.70a3.e642    STATIC      Gi0/1

SER-N#sh port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
      Gi0/1             20           15                598         Restrict
      Gi0/2              1            0                  0         Restrict
      Gi0/3              1            0                  0         Restrict

Re: port-security

Another thought, are you using switchport port-security mac-address sticky?

Here is an example port conf w/o sticky:

 switchport mode access
 switchport port-security maximum 20
 switchport port-security
 switchport port-security aging time 5
 switchport port-security violation restrict

New Member

Re: port-security

Hi,

I am not using sticky. Please find the conf below:

interface GigabitEthernet1/0/16
 switchport access vlan 220
 switchport mode access
 switchport voice vlan 420
 switchport port-security maximum 10
 switchport port-security
 switchport port-security violation restrict
 storm-control broadcast level 20.00 15.00
 storm-control action trap
 spanning-tree portfast
!

New Member

Re: port-security

Hi,

We are not using any VMware on any of the user PCs. Please find the attached information from the 3750 as requested.

Thanks

New Member

Re: port-security

Thanks for the reply.

I have made it shutdown:

NHQ-4F#sh port-security in gi1/0/23
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 10
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 001d.a290.9bdd:420
Security Violation Count   : 0

New Member

Re: port-security

With port security on, check that the MAC address is not also showing up on another port.
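The check suggested in the reply above, as an added example that is not part of the original thread: a Python sketch that parses pasted show mac address-table output in the vlan / MAC / type / port layout shown earlier and reports MAC addresses seen on more than one port, plus ports whose row count has reached a limit. The sample table, the function names and the per-port limits passed in are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample (not from the thread): header lines plus four rows in the
# "vlan  mac  type  port" layout of the show mac address-table output above.
SAMPLE_CAM = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 220    0011.2233.4401    STATIC      Gi1/0/23
 420    0011.2233.4402    STATIC      Gi1/0/23
 220    0011.2233.4403    DYNAMIC     Gi1/0/16
 220    0011.2233.4401    DYNAMIC     Gi1/0/16
"""

ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$",
    re.IGNORECASE,
)

def parse_cam(text):
    """Return (vlan, mac, type, port) tuples; headers and other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            vlan, mac, kind, port = m.groups()
            entries.append((int(vlan), mac.lower(), kind.upper(), port))
    return entries

def macs_on_multiple_ports(entries):
    """Map each MAC that appears on more than one port to its sorted port list."""
    ports = defaultdict(set)
    for _vlan, mac, _kind, port in entries:
        ports[mac].add(port)
    return {mac: sorted(p) for mac, p in ports.items() if len(p) > 1}

def ports_at_or_over_limit(entries, limits):
    """Count distinct (vlan, mac) table rows per port; return ports at/over the limit.
    `limits` is supplied by the caller (assumed to mirror the configured maximum)."""
    rows = defaultdict(set)
    for vlan, mac, _kind, port in entries:
        rows[port].add((vlan, mac))
    return {p: len(r) for p, r in rows.items() if p in limits and len(r) >= limits[p]}

if __name__ == "__main__":
    cam = parse_cam(SAMPLE_CAM)
    print(macs_on_multiple_ports(cam))
    print(ports_at_or_over_limit(cam, {"Gi1/0/23": 10, "Gi1/0/16": 2}))
```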

New Member

Re: port-security

No,

I have given the command clear port-sec all.
