Cisco Support Community
New Member

cat 3550 & 4506 port-security

I have 15 clusters of 3 x 3550s and 3 x 4506s with port-security configured on all access ports. Every day I experience random port lockouts, again on random switches, due to err-disable. Reason: switch has seen MAC address 5258.5f55.55.c5 or address e8be.5bd3.5558 on port? The times indicate that this happens when clients either log on or log off. We have updated all drivers on the clients, which are a mix of Dells and Compaqs. Has anyone come across this behaviour before? Port config attached.

interface FastEthernet0/1
 switchport access vlan 11
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 000b.db43.a5e5
 no ip address
 spanning-tree portfast

2 REPLIES
Cisco Employee

Re: cat 3550 & 4506 port-security

Check to see if the ports are seeing any errors. We had a bug in 3550s (CSCef15178) due to which MAC learning would occur on frames with bad CRC and lead to port-security violations. This is a hardware limitation not fixed in any IOS, but there are a couple of workarounds you could use.

Configure

1) switchport port-security violation protect

or

2) switchport port-security violation restrict

on the secure ports. Then the ports would not shut down when they receive a garbled packet.

PS: Remember to rate useful posts.
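
A sketch of the check suggested in this reply, as an added example that is not part of the original post or Cisco's own tooling: it correlates port-security violation syslog lines with the CRC counter from `show interfaces` for the same port. The log lines, MAC addresses and counter values are constructed sample data, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample data (not from the thread): violation syslog lines and
# "show interfaces" excerpts in the usual IOS layout.
SYSLOG = """\
%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0200.0000.00aa on port FastEthernet0/1.
%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0200.0000.00bb on port FastEthernet0/1.
%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0200.0000.00cc on port FastEthernet0/7.
"""
SHOW_INTERFACES = """\
FastEthernet0/1 is down, line protocol is down (err-disabled)
     214 input errors, 209 CRC, 5 frame, 0 overrun, 0 ignored
FastEthernet0/7 is down, line protocol is down (err-disabled)
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
"""

VIOLATION = re.compile(r"PSECURE_VIOLATION: .*MAC address (\S+) on port (\S+?)\.?$")
IFACE = re.compile(r"^(\S+) is .*line protocol is")
CRC = re.compile(r"input errors, (\d+) CRC")

def violations_by_port(syslog):
    """Map port -> list of MAC strings reported in violation messages."""
    ports = defaultdict(list)
    for line in syslog.splitlines():
        m = VIOLATION.search(line)
        if m:
            ports[m.group(2)].append(m.group(1).lower())
    return dict(ports)

def crc_by_port(show_output):
    """Map port -> CRC error count parsed from 'show interfaces' text."""
    counts, current = {}, None
    for line in show_output.splitlines():
        head, crc = IFACE.match(line), CRC.search(line)
        if head:
            current = head.group(1)          # start of a new interface stanza
        elif crc and current:
            counts[current] = int(crc.group(1))
    return counts

def triage(syslog, show_output):
    """Label each violating port by whether CRC errors were also counted."""
    crc = crc_by_port(show_output)
    return {port: ("crc-errors-present" if crc.get(port, 0) else "no-crc-errors",
                   crc.get(port, 0), macs)
            for port, macs in violations_by_port(syslog).items()}
```

A port labelled `crc-errors-present` is consistent with the bad-CRC explanation in the reply; one with clean counters should be examined as an ordinary violation.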

New Member

Re: cat 3550 & 4506 port-security

Thanks prkrishn for getting back so quickly.

I will try some with the restrict, as this will send a trap when a violation occurs. With this option packets are only dropped for the unknown address. Nice one.

Regards

John
