Port security on a Catalyst 4000 - fails to shut down port

 
 
Jon Whitear
11-04-2003
I've got port security configured on a Catalyst 4000, running CatOS
7.6.3. The config command is:-

set port security 6/18 enable age 0 maximum 1 shutdown 0 unicast-flood enable violation shutdown

When I patch a workstation into the port, it learns the MAC and shows
it as secure. When I subsequently remove the workstation, a "show port
security 6/18" shows no secure address. I can then patch a different
workstation into the same port, and it learns the new machine's MAC
address.

As I understand it, the first machine's MAC address should be learnt,
and the port should be shut down when the second machine is patched
in. That's the behaviour we're looking for.

I have tried setting the aging time and shutdown time (to 1440)
without any effect.

Your help is greatly appreciated.
 
 
 
 
 
Peter
11-04-2003
Jon Whitear wrote:
> I've got port security configured on a Catalyst 4000, running CatOS
> 7.6.3. The config command is:-
>
> set port security 6/18 enable age 0 maximum 1 shutdown 0 unicast-flood enable violation shutdown


I can't speak directly for CatOS; I have never used it with this
function. However, with IOS there are 3 levels of port security.
Comparing the above port security settings terminology with IOS, the
above appears to say to me that only ONE MAC can be present at a
time on that port; however, if the LINK goes DOWN, then the switch will
re-learn a new MAC for that port. I think you need to turn on AGING to
enable the switch to remember the MAC for a period of time AFTER the
LINK goes down, so that a new MAC learnt before that AGING time
expires will perform the shutdown.

Regards...........pk.

--
*** Replace SOMEONE with prk ***

 
 
 
 
 
Jon Whitear
11-04-2003
I've tried setting the age timer to 1440 minutes (=1 day) without any
effect. Setting the age to 0 should disable ageing, i.e. the MAC
address is permanent.

The odd thing is, we have some Cat 4000s running version 5.5(1) with
the same config, on which port security works fine.

Cheers,

Jon
 