Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

port security on C4006

I have recently enabled port security via the following command:

"set port security 3/1 enable age 10 maximum 1 shutdown 0 violation restrict"

But now I would like to disable it. However, the config file shows

"set port security 3/1 disable age 10 maximum 1 shutdown 0 violation restrict"

instead of clearing the command. Does anyone know how I can clear the entry in the config? Thanks.

Fanny

6 REPLIES
Cisco Employee

Re: port security on C4006

There are many commands which would stay in the config if you enable a feature and later disable it. If you want to get rid of it totally, do a "show config 3", copy paste it into a notepad and then do a "clear config 3" and then put back the required config

New Member

Re: port security on C4006

To my understanding, you do not need to copy/paste, etc etc. The command to permanently remove the port security statement in your configuration file is as follows:

clear port security [mod/port] all

Hope this helps..

Cisco Employee

Re: port security on C4006

clear port security [mod/port] all will only clear the secure MAC addresses associated with that port

New Member

Re: port security on C4006

I think Mathew was right in that you do not need to copy, modify, and repaste your config. After you clear the learned MAC address from a specific port (clear port security) simply disable port security and it should be removed from your config. (set port security disable) Also know that, for example, the CAT 6000 switch will also automatically set the "trunk status" to off and you will also see this in your config. A "clear trunk " will remove this from your config. Hope this helps.

-regards

Cisco Employee

Re: port security on C4006

Here is a screen capture..It does not do it

access_A> (enable) sh config 6

This command shows non-default configurations only.

Use 'show config all' to show both default and non-default configurations.

....................

begin

!

# ***** NON-DEFAULT CONFIGURATION *****

!

!

#time: Mon Dec 30 2002, 10:32:47

!

#module 6 : 48-port 10/100BaseTx Ethernet

set port disable 6/1-2

set port channel 6/1-2 mode desirable silent

end

access_A> (enable) set port security 6/5 enable age 10 maximum 1 shutdown 0 violation restrict

Port 6/5 security enabled, maximum address 1, age time 10, shutdown time 0, violation mode restrict.

Trunking disabled for Port 6/5 due to Security Mode.

access_A> (enable) sh config 6

This command shows non-default configurations only.

Use 'show config all' to show both default and non-default configurations.

....................

begin

!

# ***** NON-DEFAULT CONFIGURATION *****

!

!

#time: Mon Dec 30 2002, 10:32:56

!

#module 6 : 48-port 10/100BaseTx Ethernet

set port disable 6/1-2

set port security 6/5 enable age 10 maximum 1 shutdown 0 violation restrict

set trunk 6/5 off dot1q 1-1005

set port channel 6/1-2 mode desirable silent

end

access_A> (enable) clear port security 6/5 all

All secure mac addresses cleared for port 6/5.

access_A> (enable) sh config 6

This command shows non-default configurations only.

Use 'show config all' to show both default and non-default configurations.

....................

begin

!

# ***** NON-DEFAULT CONFIGURATION *****

!

!

#time: Mon Dec 30 2002, 10:33:31

!

#module 6 : 48-port 10/100BaseTx Ethernet

set port disable 6/1-2

set port security 6/5 enable age 10 maximum 1 shutdown 0 violation restrict

set trunk 6/5 off dot1q 1-1005

set port channel 6/1-2 mode desirable silent

end

access_A> (enable) set port security 6/5 disable age 10 maximum 1 shutdown 0 violation restrict

Port 6/5 security disabled, maximum address 1, age time 10, shutdown time 0, violation mode restrict.

access_A> (enable) sh config 6

This command shows non-default configurations only.

Use 'show config all' to show both default and non-default configurations.

....................

begin

!

# ***** NON-DEFAULT CONFIGURATION *****

!

!

#time: Mon Dec 30 2002, 10:33:50

!

#module 6 : 48-port 10/100BaseTx Ethernet

set port disable 6/1-2

set port security 6/5 disable age 10 maximum 1 shutdown 0 violation restrict

set trunk 6/5 off dot1q 1-1005

set port channel 6/1-2 mode desirable silent

end

access_A> (enable)

New Member

Re: port security on C4006

Hmm, I stand corrected. I did do it earlier today but I did not have the following options in my config:

age 10 maximum 1 shutdown 0 violation restrict

I just had "set port security 3/29 enable". With just this in the config I was able to make it "disappear" from the config after disabling it. I guess I'll be using the origial advice to get that crap out of my config tomorrow ...

-regards

116
Views
0
Helpful
6
Replies
CreatePlease login to create content