dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
8006

Scream
@people.net.au

Scream

Anon

Cisco Switch Commands for port security

Hi there

I have a Cisco 24 port 2950 switch.

I have setup port security on all ports. When i plug in a Pc, some times the Port light goes dark and the port goes into a err-disabled state.

I know there is a way to Fix this problem to allow the switch to read the PC's mac address and for the port to become active again.

I cant remember how to do this at this time.

Can someone please help me fix this problem

I use the commands

interface range fastethernet 0/1 - 24
switchport port-security
switchport port-security maximum 1
switchport port-security mac-address sticky
switchport port-security violation shutdown

to setup port security in the first place

Any help would be greatly appreciated

Thank you
meta
join:2004-12-27
00000

meta

Member

shutdown and then no-shut the port to re-enable it.
make sure that "show run interface $INT" doesnt have a hard-coded mac address on it. That can get added automagically by the switch when it discovers a MAC on a port. If the mac there doesnt match whats plugged in you will need to remove it.

phantasm11b
Premium Member
join:2007-11-02

1 edit

phantasm11b to Scream

Premium Member

to Scream
You can also do this to remove the MAC address from the port if sticky ports is enabled:

clear mac-address dynamic
clear port-security sticky
 
HELLFIRE
MVM
join:2009-11-25

HELLFIRE to Scream

MVM

to Scream
Slightly off-topic, but that config means:
- port security on
- allow a maximum of 1 MAC addresses to be learned at any one time
- that learned MAC address shall always be on this port and this port only
- if another MAC address is attempted to learn, the port will shut down, right?

I've forgetten all of my port security stuff...

Regards

phantasm11b
Premium Member
join:2007-11-02

phantasm11b

Premium Member

said by HELLFIRE:

Slightly off-topic, but that config means:
- port security on
- allow a maximum of 1 MAC addresses to be learned at any one time
- that learned MAC address shall always be on this port and this port only
- if another MAC address is attempted to learn, the port will shut down, right?

I've forgetten all of my port security stuff...

Regards
Yes.