I have 6 Catalyst 6500 switches, all of them with CatOS cat6000-sup2k8.8-3-7.bin, and I recently configured the port security feature in order to limit the number of MAC addresses that are permitted on each port at a time. I configured this on each port:
set port security x/y enable maximum 2 shutdown 10 violation shutdown
and I did not configure the global command: set port security auto-configure enabled; because I don't want the switches to "learn" only the last 2 MAC addresses connected; and this works, but there are some cases, or maybe a lot of cases, in which this configuration doesn't work. I mean, even with only one MAC address, a new one, the port goes down...
Re: port security problem in catalyst 6500 switches
Enabling Port Security
When enabling port security on access ports or trunks, follow these guidelines:
When you enable port security, if an address learned or configured on one secure port is seen on another secure port in the same VLAN, port security puts the port into the error-disabled state immediately.
To bring a secure port out of the error-disabled state with the default port security configuration, enter the errdisable recovery cause shutdown global configuration command, or manually reenable it by entering the shutdown and no shutdown interface configuration commands.
Enter the clear port-security dynamic global configuration command to clear all dynamically learned secure addresses. See the Catalyst 6500 Series Switch Cisco IOS Command Reference, Release 12.2SX, for complete syntax information.
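A toy model of the rule quoted in the reply above, added here as an illustration (it is not code from the thread or from Cisco): it shows how a port that has learned no addresses of its own can still be error-disabled by a single MAC that another secure port in the same VLAN already holds. The class names, port numbers, VLAN IDs and MAC address are constructed, and the choice to disable the port that sees the duplicate is an assumption.

```python
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    name: str
    vlan: int
    maximum: int = 2                      # "maximum 2" from the question
    secure_macs: set = field(default_factory=set)
    err_disabled: bool = False

class Switch:
    """Toy model of the quoted rule; not Cisco's implementation."""

    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}

    def frame(self, port_name, src_mac):
        """Handle one source MAC seen on a secure port; return the outcome."""
        port = self.ports[port_name]
        if port.err_disabled:
            return "dropped: port is err-disabled"
        if src_mac in port.secure_macs:
            return "forwarded"
        # Quoted rule: address already secure on another secure port, same VLAN.
        # Assumption: the port that sees the duplicate is the one disabled.
        for other in self.ports.values():
            if other is not port and other.vlan == port.vlan \
                    and src_mac in other.secure_macs:
                port.err_disabled = True
                return f"violation: {src_mac} is secure on {other.name}"
        if len(port.secure_macs) >= port.maximum:
            port.err_disabled = True
            return "violation: maximum exceeded"
        port.secure_macs.add(src_mac)
        return "learned"

def moved_host_demo():
    """A host moves from 3/1 to 3/2 while 3/1 still holds its address."""
    mac = "00:00:5e:00:53:01"             # constructed, documentation range
    sw = Switch([SecurePort("3/1", 10), SecurePort("3/2", 10),
                 SecurePort("3/3", 20)])
    events = [sw.frame("3/1", mac),       # first seen on 3/1
              sw.frame("3/3", mac),       # other VLAN: no conflict
              sw.frame("3/2", mac)]       # same VLAN as 3/1: violation
    return events, sw.ports["3/2"]

if __name__ == "__main__":
    events, port = moved_host_demo()
    print(events, "3/2 err-disabled:", port.err_disabled,
          "addresses on 3/2:", len(port.secure_macs))
```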