Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Scope of port security

Hi,

I experienced a scenario recently where port security was enabled on a switch allowing 3 mac addresses on a port with sticky, The physical setup was Switch>>media converter>>IP phone>>Laptop.

Port one had this equipment already in situe and we wanted to add another laptop to the domain,

We connected a 2nd laptop to port one and successfully joined the domain.

We did not setup port security on port 2. Uppon conencting a new IP phone to port 2, and then moving the 2nd laptop to port 2 also, the phone worked but laptop 2 did not.

We found that for the laptop to work on port 2 we had to flush port 1.

My question is.. Is this default behaviour? may a mac address only exist on one port as far as port security in concerned? or might the use of the media converter stopped the port from recognising the disconnection of the laptop perhaps?

Cheers

Dave

Everyone's tags (1)
1 REPLY

Scope of port security

Hi David Imrie

You have to check the configuration of your switch interface, probably  a switch's  port dynamically learned a MAC address with the “switchport port-security mac-address sticky” command and does not allow another port learn the MAC address, I recommend you to use the  “mac-address-table static 0000.1111.2222 vlan x interface fastethernet 0 / x”  command to be assigned statically.

You should also check that the “switchport port-security” command is configured on each interface of the switch, because without that no “port-security command” will work.

IP phones sometimes have multiple MAC addresses assigned, and sometimes this causes problems with networks like yours >> Switch >> IP phone media converter >> Laptop. To solve this problem, change the maximum allowed MAC addresses, adding one to the maximum allowed

For example if the maximum is 2,  change to 3

Switchx (config-if) # switchport port-security maximum 2.

Switchx (config-if) # no switchport port-security maximum 2.

Switchx (config-if) # switchport port-security maximum 3.

If these solutions do not fix your problem, send me your switch configuration or

If this answer was satisfactory for you, please mark the question as Answered.

Thank you

Greetings, Johnnatan Rodriguez Miranda.

583
Views
0
Helpful
1
Replies