11-03-2003 06:31 PM - edited 03-02-2019 11:26 AM
I have port security configured on a Cat 4000, but it doesn't shut down the port. The configuration shows:
set port security 2/22 enable age 0 maximum 1 shutdown 0 unicast-flood enable violation shutdown
When I patch a workstation into the port, a "show port security 2/22" shows the switch has learnt the MAC, and it is secure.
However, when I patch a different workstation into the same port, the switch just learns the new MAC address. Shouldn't it shut the port down, or am I missing something?!
Cheers,
Jon
11-03-2003 06:42 PM
You need to set the shutdown time to something other than "shutdown 0". See http://www.cisco.com/en/US/products/hw/switches/ps4324/products_configuration_guide_chapter09186a00801a1613.html
11-03-2003 06:50 PM
Doesn't "shutdown 0" mean "shutdown permanently"?
11-03-2003 08:42 PM
The link above states:
"You can specify how long a port is to remain disabled in the event of a security violation. By default, the port is shut down permanently. The valid range is from 1-1440 minutes.
If you set the time to zero, the shutdown is disabled for this port."
The wording above leads me to believe that if you don't specify a shutdown time, the default is permanent. But specifying 0 effectively turns shutdown off.
11-03-2003 08:58 PM
I've tried not specifying a shutdown time, but if I do that, the configuration reflects the default, i.e. shutdown 0.
11-04-2003 03:11 PM
I should add that I have other Cat 4000s running version 5 CatOS that work fine with the same port security config, so it looks like there's a bug in version 7.