How do I handle port security on the ports where printers are connected? The problem is that whenever I enable port security on the ports, the printer gets disabled every time. Is there any way to apply port security on the port where the printer is connected?
What does the configuration of the port look like? Is there something else daisy chained off the printer? What model of printer is it?
What is the goal of the port-security in this case?
Does the port actually enter an err-disabled state? If so, what is the reason according to the logging?
The goal is to protect against unauthorized use of this port.
According to the logging, it is learning different MAC addresses of the same printer, causing the port to disable.
What kind of switch and software? It could be a software bug; I had similar behaviour on a 3750X (I don't remember the software version).
Did you try to set up the MAC address statically on the port?
Hi Jahanzeb! I guess that Shawn meant static with no sticky option:
(config-if)# switchport port-security mac-address [sticky] MAC_ADDRESS [vlan vlan_ID]
At the MAC_ADDRESS position, write your printer's address.
I hope this can help you.
Scan the network for both addresses to see where the other MAC address comes from.
Check the cabling to see whether there isn't a hub or switch connected somewhere, or whether there is a user who plugs his laptop into the port the printer also uses.
Do the following:
Before you connect the printer to the network, check the MAC table of the switch and the ARP table of your network core to see whether the MAC of the new printer is learned.
If so, try to locate the interface where the device with this MAC is connected.
Commands that can help:
SWITCH # show mac address-table | include 0000.aaaa.bbbb
CORE # show ip arp | include 0000.aaaa.bbbb
CORE # traceroute mac 0000.aaaa.bbbb 0000.aaaa.bbbb
Int fa 0/x
switchport mode access
switchport access vlan 50
Xerox printer / copier / scanner
Do not forget that when you enable port-security, some parameters are implicit. See the default parameters below (to see them, run the command show run all | sec [interface]):
switchport port-security maximum 1
switchport port-security maximum 65535 vlan
switchport port-security maximum 65535 vlan access
switchport port-security maximum 65535 vlan voice
switchport port-security aging time 0
switchport port-security violation shutdown
switchport port-security aging type absolute
switchport port-security limit rate invalid-source-mac 10
no switchport port-security mac-address sticky
no switchport port-security aging static
You can see what is disabling the interface with the following command:
switch#show port-security interface fa0/1
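An added example, not part of the thread: a small Python check that reads the output of `show port-security interface` and reports whether the port is in Secure-shutdown and whether the last source MAC differs from the printer's MAC. It assumes the field labels IOS normally prints; the sample output, the helper names and both MAC addresses are constructed for illustration.

```python
import re

# Constructed sample output (not captured from the switch in this thread).
SAMPLE = """\
Port Security              : Enabled
Port Status                : Secure-shutdown
Violation Mode             : Shutdown
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 1
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 0000.aaaa.cccc:50
Security Violation Count   : 1
"""

def parse_port_security(text):
    """Turn 'Label : value' lines into a dict keyed by the label."""
    fields = {}
    for line in text.splitlines():
        # Split on the first ' : ' so 'Last Source Address:Vlan' stays one key.
        key, sep, value = line.partition(" : ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def norm_mac(mac):
    """Compare MACs regardless of notation (dots, colons, dashes, case)."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def diagnose(text, printer_mac):
    """Summarise why the port tripped, relative to the expected printer MAC."""
    f = parse_port_security(text)
    # The value looks like '<mac>:<vlan>'; split on the last colon.
    last_mac, _, vlan = f.get("Last Source Address:Vlan", "").rpartition(":")
    return {
        "err_disabled": f.get("Port Status") == "Secure-shutdown",
        "violations": int(f.get("Security Violation Count", "0")),
        "max_macs": int(f.get("Maximum MAC Addresses", "0")),
        "last_mac": last_mac,
        "vlan": vlan,
        # True means a MAC other than the printer's was seen last on the port:
        # trace it with 'show mac address-table | include <mac>'.
        "unexpected_mac": norm_mac(last_mac) != norm_mac(printer_mac),
    }

if __name__ == "__main__":
    print(diagnose(SAMPLE, "00:00:AA:AA:BB:BB"))
```

If `unexpected_mac` is true while `max_macs` is 1, the second address is what trips the default `violation shutdown`, which matches the behaviour described in the logging above.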