Port security on a Catalyst 4000 - fails to shut down port

Discussion in 'Cisco' started by Jon Whitear, Nov 4, 2003.

  1. Jon Whitear

    Jon Whitear Guest

    I've got port security configured on a catalyst 4000, running catos
    7.6.3. The config command is:-

    set port security 6/18 enable age 0 maximum 1 shutdown 0 unicast-flood enable violation shutdown

    When I patch a workstation into the port, it learns the mac and shows
    it as secure. When I subsequently remove the workstation, a "show port
    security 6/18" shows no secure address. I can then patch a different
    workstation into the same port, and it learns the new machine's mac
    address.

    As I understand it, the first machine's mac address should be learnt,
    and the port should be shut down when the second machine is patched
    in. That's the behaviour we're looking for.

    I have tried setting the aging time and shutdown time (to 1440)
    without any effect.

    Your help is greatly appreciated.
    Jon Whitear, Nov 4, 2003
    #1

  2. Jon Whitear

    Peter Guest

    Jon Whitear wrote:
    > I've got port security configured on a catalyst 4000, running catos
    > 7.6.3. The config command is:-
    >
    > set port security 6/18 enable age 0 maximum 1 shutdown 0 unicast-flood enable violation shutdown


    I can't speak directly for CATOS, I have never used it with this
    function, however with IOS there are 3 levels of port security.
    Comparing the above Port Security settings terminology with IOS, the
    above appears to say to me that only ONE MAC can be present at a
    time on that port, however if the LINK goes DOWN, then the switch will
    re-learn a new MAC for that port. I think you need to turn on AGING to
    enable the switch to remember the MAC for a period of time AFTER the
    LINK goes down, so that a new MAC learnt before that AGING time
    expires will perform the shutdown.

    Regards...........pk.

    --
    *** Replace SOMEONE with prk ***
    Peter, Nov 4, 2003
    #2

  3. Jon Whitear

    Jon Whitear Guest

    I've tried setting the age timer to 1440 minutes (=1 day) without any
    effect. Setting the age to 0 should disable ageing, i.e. the mac
    address is permanent.

    The odd thing is, we have some Cat 4000s running version 5.5(1) with
    the same config, on which port security works fine.

    Cheers,

    Jon
    Jon Whitear, Nov 4, 2003
    #3
