Port Security

Dear All,

Has anyone deployed port security on an SMB switch (SRW series)?

What do I need to do if I want to deploy this scenario?

- one port for just 1 MAC address

- if another MAC address shows up on that port, the port must be shut down

Please help me.

Thanks

David Hornstein
Level 7

Is the SRW you reference one of the new SRWxxx-K9 (300 series) switches, or the old pre-300 series version?

If the switch is a current 300 series product, the action on a switch port security violation could be, as taken from the 300 series Admin guide, highlighted in the red box below.

Hi David,

Nice info.

After I tried to configure it following the configuration guide, I found another problem.

The port can't learn any MAC address after I enable port security as below:

Port security max 1

port security mode lock

port security discard shutdown

So I tried this configuration too:

port security max 1

port security mode max-addresses

port security discard shutdown

With this configuration, the port can learn as many MAC addresses as there are endpoint devices.

Can anybody share details of the port security feature on SRW?

It is different from the Catalyst switch.

Hi Leonardus,

The port security mode lock command is performed once for an interface or range of interfaces, and doesn't appear in the running config.

It saves the current dynamic MAC addresses associated with the port and disables learning, relearning and aging.

On my switch, after the lock command was performed, I can see that my switch statically defined the MAC entries for three SPA500 phone devices in two VLANs:

mac address-table static 00:02:fd:ff:c0:f4 vlan 1 interface gigabitethernet2 secure

mac address-table static 00:24:97:f0:55:f6 vlan 1 interface gigabitethernet6 secure

mac address-table static 00:25:84:d8:d0:08 vlan 1 interface gigabitethernet4 secure

mac address-table static 00:02:fd:ff:c0:f4 vlan 100 interface gigabitethernet2 secure

mac address-table static 00:24:97:f0:55:f6 vlan 100 interface gigabitethernet6 secure

mac address-table static 00:25:84:d8:d0:08 vlan 100 interface gigabitethernet4 secure

On my 10-port switch, SGE300-10P, the following command was entered into the CLI:

interface range gi1-8

port security discard-shutdown

The CLI command port security discard-shutdown should perform the action you need, which is to discard packets with unlearned source addresses and shut down the port.

I plugged a PC into the back of the SPA phone and the LED lights on the switch turned off. Power was still getting to the phone.

So the switch port did shut down and I had to enable the port as shown below.


I have seen an interesting behaviour in the GUI, which I am checking with the Support Center's subject matter expert, but the port did lock the number of MAC addresses and shut down the port when it saw the appearance of another Layer 2 host on the port.

regards Dave
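
An added example, not part of the original replies: a Python check over saved running-config text, assuming lines in the format quoted in the reply above, that reports any port holding more than one distinct locked MAC address. The function names and the extra gigabitethernet4 entry in the sample are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the running-config lines quoted above;
# the last line (a second MAC on gigabitethernet4) is invented to show a finding.
SAMPLE_CONFIG = """\
mac address-table static 00:02:fd:ff:c0:f4 vlan 1 interface gigabitethernet2 secure
mac address-table static 00:24:97:f0:55:f6 vlan 1 interface gigabitethernet6 secure
mac address-table static 00:25:84:d8:d0:08 vlan 1 interface gigabitethernet4 secure
mac address-table static 00:02:fd:ff:c0:f4 vlan 100 interface gigabitethernet2 secure
mac address-table static 00:24:97:f0:55:f6 vlan 100 interface gigabitethernet6 secure
mac address-table static 00:25:84:d8:d0:08 vlan 100 interface gigabitethernet4 secure
mac address-table static 02:00:00:00:00:01 vlan 1 interface gigabitethernet4 secure
"""

SECURE_ENTRY = re.compile(
    r"^\s*mac address-table static (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) "
    r"vlan (?P<vlan>\d+) interface (?P<port>\S+) secure\s*$",
    re.IGNORECASE,
)

def secure_macs_by_port(config_text):
    """Map each interface to {mac: [vlans]} for its 'secure' static entries."""
    ports = defaultdict(lambda: defaultdict(set))
    for line in config_text.splitlines():
        m = SECURE_ENTRY.match(line)
        if m:
            ports[m["port"].lower()][m["mac"].lower()].add(int(m["vlan"]))
    return {p: {mac: sorted(v) for mac, v in macs.items()}
            for p, macs in ports.items()}

def ports_over_limit(config_text, max_macs=1):
    """Return ports whose distinct secure MAC count exceeds max_macs.

    The same MAC locked in several VLANs (as in the listing above) counts once.
    """
    return {
        port: sorted(macs)
        for port, macs in secure_macs_by_port(config_text).items()
        if len(macs) > max_macs
    }

if __name__ == "__main__":
    for port, macs in sorted(ports_over_limit(SAMPLE_CONFIG).items()):
        print(f"{port}: {len(macs)} secure MACs locked: {', '.join(macs)}")
```

Running the lock command while more than one device is attached freezes every MAC seen at that moment, so a check like this is worth running on the saved config before relying on the one-MAC-per-port policy.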


Hi all,

I already get the idea about port security on SRW.

Thanks for the help,

Regards