
Port security doesn't shut down a port on a Cat 4000

jonwhitear
Level 1

I have port security configured on a Cat 4000, but it doesn't shut down the port. The configuration shows:

set port security 2/22 enable age 0 maximum 1 shutdown 0 unicast-flood enable violation shutdown

When I patch a workstation into the port, a 'show port security 2/22' shows the switch has learnt the MAC, and it is secure.

However, when I patch a different workstation into the same port, the switch just learns the new MAC address. Shouldn't it shut the port down, or am I missing something?!

Cheers,

Jon

5 Replies

tbaranski
Level 4

You need to set the shutdown time to something other than "shutdown 0". See http://www.cisco.com/en/US/products/hw/switches/ps4324/products_configuration_guide_chapter09186a00801a1613.html

Doesn't "shutdown 0" mean "shutdown permanently"?

The link above states:

"You can specify how long a port is to remain disabled in the event of a security violation. By default, the port is shut down permanently. The valid range is from 1-1440 minutes.

If you set the time to zero, the shutdown is disabled for this port."

The wording above leads me to believe that if you don't specify a shutdown time, the default is permanent. But specifying 0 effectively turns shutdown off.

I've tried not specifying a shutdown time, but if I do that, the configuration reflects the default, i.e. shutdown 0.

I should add that I have other Cat 4000s running version 5 CatOS that work fine with the same port security config, so it looks like there's a bug in version 7.
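
An added example, not part of the thread and not Cisco tooling: a small Python check that scans CatOS `set port security` lines in the format quoted in the question and lists ports that pair `violation shutdown` with `shutdown 0`, the combination debated above. The function names are hypothetical, every sample line except 2/22 is constructed, and the reasons it reports rely only on the guide text quoted in the thread.

```python
import re

# Constructed sample config. The 2/22 line is the one quoted in the thread;
# the other lines are made-up variations for comparison.
SAMPLE_CONFIG = """\
set port security 2/22 enable age 0 maximum 1 shutdown 0 unicast-flood enable violation shutdown
set port security 2/23 enable age 0 maximum 1 shutdown 30 unicast-flood enable violation shutdown
set port security 2/24 enable age 0 maximum 1 shutdown 2000 unicast-flood enable violation shutdown
set port name 2/22 workstation
"""

LINE_RE = re.compile(r"^set port security (\d+/\d+) (enable|disable)\b(.*)$")

def parse_port_security(line):
    """Return the line's options as a dict, or None if it is not a port security line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    port, state, rest = m.groups()
    tokens = rest.split()
    # The remaining tokens are keyword/value pairs: age 0, maximum 1, shutdown 0, ...
    entry = dict(zip(tokens[0::2], tokens[1::2]))
    entry.update(port=port, enabled=(state == "enable"))
    return entry

def audit(config_text):
    """List (port, reason) for enabled ports whose shutdown time needs review."""
    findings = []
    for line in config_text.splitlines():
        entry = parse_port_security(line)
        if not entry or not entry["enabled"] or entry.get("violation") != "shutdown":
            continue
        if not entry.get("shutdown", "").isdigit():
            continue  # no numeric shutdown time on the line, nothing to compare
        minutes = int(entry["shutdown"])
        if minutes == 0:
            findings.append((entry["port"], "shutdown 0 with violation shutdown: the quoted "
                             "guide says a zero time disables shutdown; test this port"))
        elif minutes > 1440:
            findings.append((entry["port"], "shutdown time outside the guide's 1-1440 minute range"))
    return findings

if __name__ == "__main__":
    for port, reason in audit(SAMPLE_CONFIG):
        print(port, "-", reason)
```

A flagged port is a prompt to repeat the test from the question (swap the attached workstation and watch `show port security`) on the CatOS version that switch actually runs.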
