CCNA switching lab doesn't work - port violation shutdown

Discussion in 'Cisco' started by spurdy88@gmail.com, Jul 31, 2006.

  1. Guest

    I've posted this elsewhere to no avail, please save my sanity...

    This one should be a simple one, but I cannot figure out how to do it.

    I've enabled switchport port security on a port using the sticky
    setting, maximum MAC addresses as one and violate as shutdown. I can
    re-enable the port using the web interface but cannot figure out the
    syntax to bring it back up using the IOS CLI. There is an switchport
    ageing command set to 2 minutes, I assumed that that would try to see
    if the permitted MAC address(es) were plugged back in and re-enable it
    but it doesn't.

    I've tried everything, issueing "no" versions of everything showing in
    show run, I've cleared the mac-address-list and put the supposedly
    known good NIC back into the port. I can issue no shutdown till I'm
    blue in the face, it just stays in an err-disabled state and refuses to
    come back up.

    The only ways I can get the interface back up is via the browser or by
    rebooting the switch. Both of these scenarios seem like cheating,
    especially when the Networking Academy lab says it should work with a
    simple no shutdown.

    All help is appreciated.

    Cheers

    Steve
    , Jul 31, 2006
    #1
    1. Advertising

  2. On 2006-07-31, <> wrote:
    >
    > The only ways I can get the interface back up is via the browser or by
    > rebooting the switch. Both of these scenarios seem like cheating,
    > especially when the Networking Academy lab says it should work with a
    > simple no shutdown.
    >


    Have you tried to put that port first into shutdown (shut - no shut) so
    it changes it state from errdisable to shutdown?

    These might also help:
    (config)#errdisable recovery cause psecure-violation
    (config)#errdisable recovery interval ?
    <30-86400> timer-interval(sec)


    --
    #seppo dot mannisto at uta dot fi
    Seppo Mannisto, Aug 1, 2006
    #2
    1. Advertising

  3. Guest


    > These might also help:
    > (config)#errdisable recovery cause psecure-violation
    > (config)#errdisable recovery interval ?
    > <30-86400> timer-interval(sec)
    >

    I had tried those out but they just made the interface come straight
    back up despitet the fact that I had set the interval to 300 seconds.

    I'll try shutdown before no shutdown later and let you know if that
    worked.

    Many thanks for the suggestions.

    Regards

    Steve
    , Aug 1, 2006
    #3
  4. Guest

    wrote:
    > > These might also help:
    > > (config)#errdisable recovery cause psecure-violation
    > > (config)#errdisable recovery interval ?
    > > <30-86400> timer-interval(sec)
    > >

    > I had tried those out but they just made the interface come straight
    > back up despitet the fact that I had set the interval to 300 seconds.
    >
    > I'll try shutdown before no shutdown later and let you know if that
    > worked.
    >
    > Many thanks for the suggestions.


    Google for [4500 errdisable no shutdown]
    returns as first hit:-

    http://www.cisco.com/en/US/products...figuration_guide_chapter09186a008019d0de.html
    "When a secure port is in the error-disabled state, you can bring it
    out of this state by entering the
    'errdisable recovery cause psecure_violation'
    global configuration command or you can manually reenable
    it by entering the 'shutdown' and 'no shutdown' interface
    configuration commands."

    As suggested

    shut
    no shut

    should do it.
    , Aug 1, 2006
    #4
  5. Guest

    I've tried the shutdown followed by no shudown and that brought the
    interface back up, exactly the point I had wasted 3 nights trying to
    get to.

    I'll have a go with some of the other bits suggested maybe at the
    weekend.

    Thank you very much for all of your help.

    Regards

    Steve
    , Aug 3, 2006
    #5
  6. Guest

    wrote:
    > I've tried the shutdown followed by no shudown and that brought the
    > interface back up, exactly the point I had wasted 3 nights trying to
    > get to.


    The key thing here is that you need to be able to investigate
    these things more efficiently yourself.

    That was why I tried to show how easy it was to find the
    exact document that you needed. Well, easy when you
    know what to put in.

    Imagine how hard it was before Cisco bought search technology from
    Google.

    One thing is that you will now /never/ forget that one.
    , Aug 4, 2006
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. www.networking-forum.com

    Lab Challenge 8 - OSPF lab 2

    www.networking-forum.com, Nov 3, 2005, in forum: Cisco
    Replies:
    0
    Views:
    4,418
    www.networking-forum.com
    Nov 3, 2005
  2. Replies:
    1
    Views:
    554
Loading...

Share This Page