New Member

Port security configured on two ports, in same VLAN, but no SHUTDOWN when changing computers between those 2 ports

I set up my switch and port security is activated, but when I have 2 ports configured in the same VLAN and I swap the computers connected to those ports, the ports do not go into shutdown; they only discard packets.

How can I configure the switch to shut down the port when another MAC is detected, even if it is in the same VLAN?

6 REPLIES
New Member

Please Post your config


New Member


test#sh run
config-file-header
test
v1.3.0.62 / R750_NIK_1_3_647_260
CLI v1.0

file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passpharse control unrestricted
no ssd file integrity control

vlan database
vlan 2-3
exit
bonjour interface range vlan 1
hostname test
!
interface fastethernet2
   port security discard-shutdown
   switchport mode access
   switchport access vlan 2
!
interface fastethernet3
   port security discard-shutdown
   switchport mode access
   switchport access vlan 2
!
exit
mac address-table static 00:00:03:45:56 vlan 2 interface fastethernet2 secure
mac address-table static 00:00:bc:f2:01:b4 vlan 2 interface fastethernet3 secure

 

This is my running config.

If I put the MAC from fa3 on the fa2 port, the port does not go into shutdown; it only discards the packets. But if I change the VLAN from 2 to 3, the port will be shut down.
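
An offline sanity check of the static secure MAC bindings in a running config of this form, as an added example that is not part of the original post or any reply. The function names `parse` and `audit` are hypothetical, the sample is constructed from the interface and static-MAC lines posted above, and treating VLAN 1 as the default access VLAN is an assumption.

```python
import re

# Constructed sample: interface and static-MAC lines from the config posted above.
SAMPLE_CONFIG = """\
interface fastethernet2
   port security discard-shutdown
   switchport access vlan 2
!
interface fastethernet3
   port security discard-shutdown
   switchport access vlan 2
!
mac address-table static 00:00:03:45:56 vlan 2 interface fastethernet2 secure
mac address-table static 00:00:bc:f2:01:b4 vlan 2 interface fastethernet3 secure
"""

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$", re.I)
STATIC_RE = re.compile(r"^mac address-table static (\S+) vlan (\d+) interface (\S+) secure$")

def parse(config):
    """Return (ports, bindings): per-port settings and static secure MAC entries."""
    ports, bindings, current = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = ports.setdefault(line.split()[1], {"action": None, "vlan": 1})
        elif line in ("!", "exit"):
            current = None  # end of an interface block
        elif current is not None and line.startswith("port security"):
            current["action"] = line.split()[-1]
        elif current is not None and line.startswith("switchport access vlan "):
            current["vlan"] = int(line.split()[-1])
        elif (m := STATIC_RE.match(line)):
            bindings.append((m.group(1).lower(), int(m.group(2)), m.group(3)))
    return ports, bindings

def audit(config):
    """List findings an administrator should review before relying on the bindings."""
    ports, bindings = parse(config)
    findings = []
    for mac, vlan, port in bindings:
        if not MAC_RE.match(mac):
            findings.append(f"{port}: static MAC '{mac}' is not six octets")
        if port not in ports or ports[port]["action"] is None:
            findings.append(f"{port}: secure MAC bound but port security not enabled")
        elif ports[port]["vlan"] != vlan:
            findings.append(f"{port}: MAC bound in vlan {vlan}, port is in vlan {ports[port]['vlan']}")
    return findings
```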

 

New Member


I'm afraid that this isn't quite what port-security does.  Port-security will not change the configuration of your switch to add the "shutdown" command into the running configuration of that interface.

 

Rather, port-security places the port into a disabled state.  As you said, the switch will begin dropping frames that it receives on that port.  There is no configuration setting that you could put in place to actually shut the port down.

 

What is your end goal?  Why do you want the port to actually shut down rather than discard frames?

New Member

When port security is enabled, and if you set it to shut down the port in case of violation, the port goes off when another MAC is detected.

 

Silver


Hello dani,

I would configure the MAC address statically by using switchport port-security mac-address XXXX, this won't care about which vlan it's in.

 

Regards,

David

 

"Don't think you are, know you are" 

-Morpheus

New Member

My switch is an SRW248G4-K9-EU. The CLI commands are not the same as on a Cisco Catalyst 3560 switch.

 

There are 3 options when configuring port security: Discard, Forward and Discard-Shutdown.

Acalderone, when port security is configured on a switch with IOS, the ports go down when another MAC is detected on the port, even if the port is configured in the same VLAN.

 

My switch shuts down the port if it is in another VLAN, but when they are in the same VLAN, the ports only discard traffic.

 

Thank you guys for the help.

 
