Cisco Support Community

New Member

Port security error

On the Cat 4000, when enabling port security, an error displays stating "no space in the forwarding engine".

How do you resolve the error?

2 REPLIES
New Member

Re: Port security error

SECURITY-1-PORTSHUTDOWN: Port [dec]/[dec] shutdown due to [chars]

This message indicates that a port has been shut down due to an insecure host sourcing a packet into that port; [dec]/[dec] is the module number/port number of the port that has shut down and [chars] can be either security violation or no space in forwarding engine lookup table. Because of this error, do check why the host is sourcing a packet into that port.

The switch can only have port security for 1024 MAC addresses. There is possibly a maximum number of MAC addresses allowed to connect to a port. If that maximum number for all ports is over 1024, then when over 1024 MAC addresses are connected to this switch, the switch will shut down those ports on which port security is configured.

This problem also happens with a different MAC address sequence. The same addresses can be learnt without problem when port security is disabled.

The term "no space in the forwarding table" is misleading since there is enough space for many MAC addresses to be learnt (maybe thousands of others).

However, there is no space in the forwarding engine table for a set of specific MAC addresses.

This can happen if a different range of MAC addresses gets hashed to the same index.

The workaround, if possible, would be to disable port security for these ports.

Use the [set cam static filter] command.

To see how many ports are configured for port security, use [show port security].

Also do a [show port security statistics system] to see the statistics for the whole system.

Here are good links on port security:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/rel7_1/config/sec_port.htm#1019955

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_5_2/config/sec_port.htm#xtocid118692

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sft_6_1/mess_rec/emsg.htm#xtocid99

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/rel7_1/config/sec_port.htm

http://www.cisco.com/en/US/products/hw/switches/ps679/products_system_message_guide_chapter09186a008007d25b.html#xtocid2088116

Below are bugs that are related to this issue:

http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdm70908

http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdr73349

http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCds13570
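
The hash-collision explanation in the reply above can be reproduced with a toy model of a hashed lookup table. This is an added example, not code from the thread or from Cisco; the row count, the entries per row, the XOR-fold hash and the sample addresses are assumptions chosen for illustration and are not the Catalyst 4000's real values.

```python
BUCKETS = 256  # assumed number of hash rows (toy value)
WAYS = 4       # assumed entries per row (toy value), so 1024 entries in total

def bucket_index(mac: int) -> int:
    """Toy hash (assumption, not Cisco's): XOR-fold the 48-bit MAC into one byte."""
    h = 0
    while mac:
        h ^= mac & 0xFF
        mac >>= 8
    return h

class HashedTable:
    """Fixed-size table: a MAC may only live in the row its hash selects."""
    def __init__(self):
        self.rows = [[] for _ in range(BUCKETS)]

    def insert(self, mac: int) -> bool:
        row = self.rows[bucket_index(mac)]
        if mac in row:
            return True
        if len(row) >= WAYS:
            return False  # "no space", even if every other row is empty
        row.append(mac)
        return True

    def used(self) -> int:
        return sum(len(r) for r in self.rows)

def fill_until_failure(macs):
    """Insert in order; return (entries stored, table occupancy) at the first refusal."""
    table = HashedTable()
    for mac in macs:
        if not table.insert(mac):
            break
    return table.used(), table.used() / (BUCKETS * WAYS)

BASE = 0x020000000000  # constructed sample prefix (locally administered)
# Constructed range 1: consecutive addresses, which this hash spreads over all rows.
sequential = [BASE + i for i in range(2000)]
# Constructed range 2: the two low bytes change together, so the XOR-fold cancels
# and every address selects the same row.
same_row = [BASE | (i << 8) | i for i in range(256)]

if __name__ == "__main__":
    for name, macs in (("sequential", sequential), ("same_row", same_row)):
        stored, occupancy = fill_until_failure(macs)
        print(f"{name}: refused after {stored} entries ({occupancy:.1%} full)")
```

In this model the consecutive range is refused only once all 1024 slots are taken, while the second range is refused after 4 entries with the table under 1% full, which matches the "no space" message appearing on a table that is mostly empty.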

New Member

Re: Port security error

Enabling port security is not an option since I have many rogue systems in the building.

The following is the topology:

2 6506 in core.

7 4006, one on each subnet.

Maximum number of systems on each subnet is 150.

All port security was disabled on all 4006.

Clear port security all was run on all 4006.

Two of the seven 4006 have no problems.

All 4006 are running the same code and IOS version.

Would clearing the CAM table resolve the issue?
