[c-nsp] switchport port-security question
Pepa Verich
Josef.Verich at cesnet.cz
Sat Jun 24 05:34:09 EDT 2006
Hi.
You can try these commands:
switchport port-security aging time 1
switchport port-security aging type inactivity
If the command "switchport port-security" is used, the MAC addresses in
the mac-address-table are STATIC. The switch doesn't learn the same MAC
address that it already has on another port. You have to clear the MAC
address from the mac-address-table before you connect the PC to another port.
Pepa
barney gumbo wrote:
> I have a 3750 stack with multiple cisco voip phones connected. We are using
> the voice vlan and access vlan for each port.
>
> I attempted to configure port-security and got a warning message stating
> that the switchport must be static and not dynamic. So I add the switchport
> mode access command and now the switch doesn't learn the MAC address for the
> PC connected through the phone. I used this in combination with the
> switchport port-security max 4 command.
>
> As soon as I take out switchport port-security and switchport mode access,
> the switchport learns a MAC on that interface for the phone and the PC
> connected to the phone.
>
> To me, this means the PC and anything else connected through the phone will
> stop working. According to the documentation, this switch interface should
> support port-security when it's in access mode, which appears to be the
> case, but I'm concerned about the switch not learning the MAC of host
> connected through the phone.
>
> Any thoughts? The output below shows the problem occurring.
>
> 3750_Stack1#sho mac-address-table int fa3/0/13
> Mac Address Table
> -------------------------------------------
>
> Vlan Mac Address Type Ports
> ---- ----------- -------- -----
> 9 0017.9551.f5bc DYNAMIC Fa3/0/13
> 14 0017.9551.f5bc DYNAMIC Fa3/0/13
> Total Mac Addresses for this criterion: 2
> 3750_Stack1#config t
> Enter configuration commands, one per line. End with CNTL/Z.
> 3750_Stack1(config)#int fa3/0/13
> 3750_Stack1(config-if)#switchport mode access
> 3750_Stack1(config-if)#switchport port-security
> 3750_Stack1(config-if)#switchport port-security max 4
> 3750_Stack1(config-if)#exit
> 3750_Stack1(config)#exit
> 3750_Stack1#sho mac-address-table int fa3/0/13
> Mac Address Table
> -------------------------------------------
>
> Vlan Mac Address Type Ports
> ---- ----------- -------- -----
> 3750_Stack1#sho mac-address-table int fa3/0/13
> Mac Address Table
> -------------------------------------------
>
> Vlan Mac Address Type Ports
> ---- ----------- -------- -----
> 14 0017.9551.f5bc STATIC Fa3/0/13
> Total Mac Addresses for this criterion: 1
> 3750_Stack1#sho mac-address-table int fa3/0/13
> Mac Address Table
> -------------------------------------------
>
> Vlan Mac Address Type Ports
> ---- ----------- -------- -----
> 14 0017.9551.f5bc STATIC Fa3/0/13
> Total Mac Addresses for this criterion: 1
> 3750_Stack1#
>
> 3750_Stack1#config t
> Enter configuration commands, one per line. End with CNTL/Z.
> 3750_Stack1(config)#int fa3/0/13
> 3750_Stack1(config-if)#shut
> 3750_Stack1(config-if)#exit
> 3750_Stack1(config)#exit
> 3750_Stack1#sho run int fa3/0/13
> Building configuration...
>
> Current configuration : 369 bytes
> !
> interface FastEthernet3/0/13
> switchport access vlan 9
> switchport mode access
> switchport voice vlan 14
> switchport port-security maximum 4
> switchport port-security
> shutdown
> srr-queue bandwidth share 10 10 60 20
> srr-queue bandwidth shape 10 0 0 0
> mls qos trust device cisco-phone
> mls qos trust cos
> auto qos voip cisco-phone
> spanning-tree portfast
> end
>
> 3750_Stack1#
> 3750_Stack1#config t
> Enter configuration commands, one per line. End with CNTL/Z.
> 3750_Stack1(config)#int fa3/0/13
> 3750_Stack1(config-if)#no shut
> 3750_Stack1(config-if)#exit
> 3750_Stack1(config)#exit
> 3750_Stack1#
> 3750_Stack1#
> 3750_Stack1#sho mac-add
> 3750_Stack1#sho mac-address-table int fa3/0/13
> Mac Address Table
> -------------------------------------------
>
> Vlan Mac Address Type Ports
> ---- ----------- -------- -----
> 3750_Stack1#sho mac-address-table int fa3/0/13
> Mac Address Table
> -------------------------------------------
>
> Vlan Mac Address Type Ports
> ---- ----------- -------- -----
> 3750_Stack1#sho mac-address-table int fa3/0/13
> Mac Address Table
> -------------------------------------------
>
> Vlan Mac Address Type Ports
> ---- ----------- -------- -----
> 3750_Stack1#sho mac-address-table int fa3/0/13
> Mac Address Table
> -------------------------------------------
>
> Vlan Mac Address Type Ports
> ---- ----------- -------- -----
> 14 0017.9551.f5bc STATIC Fa3/0/13
> Total Mac Addresses for this criterion: 1
> 3750_Stack1#sho mac-address-table int fa3/0/13
> Mac Address Table
> -------------------------------------------
>
> Vlan Mac Address Type Ports
> ---- ----------- -------- -----
> 14 0017.9551.f5bc STATIC Fa3/0/13
> Total Mac Addresses for this criterion: 1
> 3750_Stack1#
>
> 3750_Stack1#config t
> Enter configuration commands, one per line. End with CNTL/Z.
> 3750_Stack1(config)#int fa3/0/13
> 3750_Stack1(config-if)#no switchport mode access
> Command rejected: Conflict with Port Security
> 3750_Stack1(config-if)#no switchport port-sec
> 3750_Stack1(config-if)#no switchport mode access
> 3750_Stack1(config-if)#exit
> 3750_Stack1(config)#exit
> 3750_Stack1#sho mac-add
> 3750_Stack1#sho mac-address-table int fa3/0/13
> Mac Address Table
> -------------------------------------------
>
> Vlan Mac Address Type Ports
> ---- ----------- -------- -----
> 3750_Stack1#sho mac-address-table int fa3/0/13
> Mac Address Table
> -------------------------------------------
>
> Vlan Mac Address Type Ports
> ---- ----------- -------- -----
> 9 0017.9551.f5bc DYNAMIC Fa3/0/13
> 14 0017.9551.f5bc DYNAMIC Fa3/0/13
> Total Mac Addresses for this criterion: 2
> 3750_Stack1#
>
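The change visible in the quoted session (two DYNAMIC entries before port-security, one STATIC entry after) can be checked mechanically by diffing two `show mac-address-table` snapshots. This is an added example, not part of the original thread; the function names are hypothetical and the sample snapshots are copied from the output in the post.

```python
import re

# Matches one entry row of `show mac-address-table`: VLAN, MAC, type, port.
ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\w+)\s+(\S+)\s*$",
    re.IGNORECASE,
)

def parse_mac_table(text):
    """Return {(vlan, mac, port): type} for every entry row in the output."""
    entries = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            vlan, mac, kind, port = m.groups()
            entries[(int(vlan), mac.lower(), port)] = kind.upper()
    return entries

def diff_snapshots(before, after):
    """Compare two snapshots; report entries lost, added, or re-typed."""
    b, a = parse_mac_table(before), parse_mac_table(after)
    return {
        "lost": sorted(k for k in b if k not in a),
        "added": sorted(k for k in a if k not in b),
        "retyped": sorted((k, b[k], a[k]) for k in b if k in a and b[k] != a[k]),
    }

# Snapshots copied from the session in the post (before / after port-security).
BEFORE = """\
Vlan Mac Address Type Ports
---- ----------- -------- -----
9 0017.9551.f5bc DYNAMIC Fa3/0/13
14 0017.9551.f5bc DYNAMIC Fa3/0/13
Total Mac Addresses for this criterion: 2
"""
AFTER = """\
Vlan Mac Address Type Ports
---- ----------- -------- -----
14 0017.9551.f5bc STATIC Fa3/0/13
Total Mac Addresses for this criterion: 1
"""

if __name__ == "__main__":
    for change, items in diff_snapshots(BEFORE, AFTER).items():
        print(change, items)
```

A "lost" entry on the access VLAN combined with a DYNAMIC to STATIC retype on the voice VLAN is the pattern the original poster observed on Fa3/0/13.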