Port security and DHCP

Hello all.

I have configured port security on a couple of ports and I don't think it handles the frames as it should. The settings are the following:

- max: the proper number of MAC adds

- mode secure permanent

- discard

I connect the legitimate devices in order to learn the maximum number of MACs the port should learn and then I connect a device with a non-secure MAC. I can obtain an IP from the DHCP server but then no traffic is being forwarded. I think that the non-legitimate device should not be able to obtain an IP since port security discards all frames with an unknown source MAC.

1 ACCEPTED SOLUTION

Hi Stelios,

Your configuration seems to be just fine. Mine was related only to port security and max addresses I set to 1. I saw that only the 1st MAC address is sending bootp; any other devices connected through the switch on this port are not sending bootp.

You might also do packet capture using switch port mirroring capabilities and wireshark application. Perhaps devices are using old known IP addresses...

Regards,

Aleksandra
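
One way to check a mirrored-port capture for the behaviour discussed in this thread, as an added example that is not from any poster or from Cisco: it parses raw Ethernet frames and lists BOOTP/DHCP client requests whose Ethernet source or chaddr is not one of the port's secure MACs. The MAC addresses and sample frames are constructed, and reading frames out of a capture file is left to the capture tool.

```python
import struct

# Assumption: the MACs the port learned as secure (constructed values).
SECURE_MACS = {"00:11:22:33:44:01", "00:11:22:33:44:02"}

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def dhcp_client_request(frame):
    """Return (eth_src, chaddr) for a BOOTP/DHCP client request, else None."""
    if len(frame) < 14 or frame[12:14] != b"\x08\x00":
        return None  # only untagged IPv4 is handled; 802.1Q-tagged frames are skipped
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] != 17:
        return None  # not IPv4/UDP
    udp = ip[(ip[0] & 0x0F) * 4:]
    if len(udp) < 8:
        return None
    sport, dport = struct.unpack("!HH", udp[:4])
    bootp = udp[8:]
    if (sport, dport) != (68, 67) or len(bootp) < 44 or bootp[0] != 1:
        return None  # not client-to-server BOOTREQUEST
    return mac(frame[6:12]), mac(bootp[28:34])  # chaddr starts at offset 28

def unexpected_dhcp_clients(frames, secure=SECURE_MACS):
    """List DHCP requests whose Ethernet source or chaddr is not a secure MAC."""
    hits = []
    for f in frames:
        r = dhcp_client_request(f)
        if r and (r[0] not in secure or r[1] not in secure):
            hits.append(r)
    return hits

def build_request(src):
    """Construct a minimal broadcast BOOTREQUEST frame for the demo (no options)."""
    hw = bytes.fromhex(src.replace(":", ""))
    bootp = struct.pack("!BBBBIHH4I", 1, 1, 6, 0, 0x1234, 0, 0x8000, 0, 0, 0, 0)
    bootp += hw.ljust(16, b"\0") + bytes(192)
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4)
    return b"\xff" * 6 + hw + b"\x08\x00" + ip + udp

# Constructed capture: one secure client, one unknown client.
SAMPLE = [build_request("00:11:22:33:44:01"), build_request("de:ad:be:ef:00:99")]

if __name__ == "__main__":
    for src, chaddr in unexpected_dhcp_clients(SAMPLE):
        print("DHCP request from non-secure MAC:", src, "chaddr", chaddr)
```

Run against frames captured on the ingress side and again on the uplink side of the switch to see where requests from non-secure MACs stop appearing.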

8 REPLIES

Hi Stylianosvlachakis,

Hard to comment without knowing what the switch model is and what the switch configuration is.

Regards,

 

Hello dargiel

The port security configuration is exactly the one I put above. More commands include IP source guard, switchport mode access and the VLAN assignment, spanning tree bpduguard and portfast.

Model SG50052

Hi Stelios,

I am running 1.4 firmware and boot code and cannot recreate the problem. Perhaps my setup is different from yours. I would suggest you call the Cisco Small Business Support team and open a ticket:

http://www.cisco.com/c/en/us/support/web/tsd-cisco-small-business-support-center-contacts.html

If there is something unexpected in the switch behavior this is the right way to report this.

Regards,

Aleksandra

Hello Aleksandra.

Thanks for your kind help. I will contact the support team for a ticket. Just in case I am missing something, I will post the relevant parts of the configuration here. The port I am talking about in the first post is a member of VLAN 16.

ip dhcp snooping 
ip dhcp snooping database 
ip dhcp snooping vlan 16 
ip arp inspection vlan 16 
ip source-guard 

interface gigabitethernet1/1/1
 port security max 9 
 port security mode secure permanent 
 port security discard 
 spanning-tree portfast 
 switchport mode access 
 switchport access vlan 16 

 

Thanks for your replies and help kind lady. 

The IPs that are assigned to machines are definitely fresh, because I've readdressed the network, so there is no way to have such an old known.

I will go through tech-support.

My best 

Stelios

One last question: What should I have done prior to contacting Cisco Support? I mean in terms of registration etc.

Thanks in advance.

Hi Stelios,

You should prepare your Cisco ID (username to log in on cisco.com) and the serial number of the switch, and call the number in your country:

http://www.cisco.com/c/en/us/support/web/tsd-cisco-small-business-support-center-contacts.html

You can share the case number with me via private message.

Regards,

Aleksandra
