Velocity Reviews


Jon Whitear 11-04-2003 06:19 AM

Port security on a Catalyst 4000 - fails to shut down port
 
I've got port security configured on a Catalyst 4000, running CatOS
7.6.3. The config command is:

set port security 6/18 enable age 0 maximum 1 shutdown 0 unicast-flood enable violation shutdown

When I patch a workstation into the port, it learns the MAC and shows
it as secure. When I subsequently remove the workstation, a "show port
security 6/18" shows no secure address. I can then patch a different
workstation into the same port, and it learns the new machine's MAC
address.

As I understand it, the first machine's MAC address should be learnt,
and the port should be shut down when the second machine is patched
in. That's the behaviour we're looking for.

I have tried setting the aging time and shutdown time (to 1440)
without any effect.

Your help is greatly appreciated.

Peter 11-04-2003 10:13 AM

Re: Port security on a Catalyst 4000 - fails to shut down port
 
Jon Whitear wrote:
> I've got port security configured on a catalyst 4000, running catos
> 7.6.3. The config command is:-
>
> set port security 6/18 enable age 0 maximum 1 shutdown 0 unicast-flood enable violation shutdown


I can't speak directly for CATOS; I have never used it with this
function. However, with IOS there are 3 levels of port security.
Comparing the above Port Security settings terminology with IOS, the
above appears to say to me that only ONE MAC can be present at a
time on that port; however, if the LINK goes DOWN, then the switch will
re-learn a new MAC for that port. I think you need to turn on AGING to
enable the switch to remember the MAC for a period of time AFTER the
LINK goes down, so that a new MAC learnt before that AGING time
expires will perform the shutdown.

Regards...........pk.



Jon Whitear 11-04-2003 11:01 PM

Re: Port security on a Catalyst 4000 - fails to shut down port
 
I've tried setting the age timer to 1440 minutes (= 1 day) without any
effect. Setting the age to 0 should disable ageing, i.e. the MAC
address is permanent.

The odd thing is, we have some Cat 4000s running version 5.5(1) with
the same config, on which port security works fine.

Cheers,

Jon

