port-security limitations on Catalyst 3550

aaanet · ‎10-16-2002

I've used Catalyst 2950 with port security to limit access to Ethernet network only to 'known' client's MAC-addresses. After replacement of Catalyst 2950

with Catalyst 3550 I've collided with the problem - only 128 static MAC-addresses can be defined on the whole device, but I need more...

Is there any workaround for this problem ? Is this limitation hardware or software ? Would it be expanded in future IOS releases ?

Prashanth Krishnappa · ‎10-16-2002

I believe the 128 associated secure addresses limit is per port

http://cio.cisco.com/univercd/cc/td/doc/product/lan/c3550/12111ea1/3550scg/swtrafc.htm#xtocid12

Did you have any issues with configuring port security? Does the switch complain with any messages?

aaanet · ‎10-17-2002

No, it's not rait. When I try to write 128-th MAC address on _device_ (it is the

4-th on the port, the Catalyst writes to console:

s1.ats(config-if)#interface FastEthernet0/20

s1.ats(config-if)# description a2.ats

s1.ats(config-if)# switchport access vlan 8

s1.ats(config-if)# switchport mode access

s1.ats(config-if)# switchport port-security

s1.ats(config-if)# switchport port-security maximum 16

s1.ats(config-if)# switchport port-security violation protect

s1.ats(config-if)# switchport port-security mac-address 0002.4401.717e

s1.ats(config-if)# switchport port-security mac-address 0002.4425.dbf2

s1.ats(config-if)# switchport port-security mac-address 0002.442d.cd86

s1.ats(config-if)# switchport port-security mac-address 0005.653b.191e

%Error: Cannot add secure address 0005.653b.191e

%Error: Total secure addresses in system reached its max limit of 128

PSECURE: Internal Error in adding address