Port security on a Catalyst 4000 - fails to shut down port

Discussion in 'Cisco' started by Jon Whitear, Nov 4, 2003.

  1. Jon Whitear

    Jon Whitear Guest

    I've got port security configured on a catalyst 4000, running catos
    7.6.3. The config command is:-

    set port security 6/18 enable age 0 maximum 1 shutdown 0 unicast-flood
    enable violation shutdown

    When I patch a workstation into the port, it learns the mac and shows
    it as secure. When I subsequently remove the workstation, a "show port
    security 6/18" shows no secure address. I can then patch a different
    workstation into the same port, and it learns the new machine's mac

    As I understand it, the first machine's mac address should be learnt,
    and the port should be shut down when the second machine is patched
    in. That's the behaviour we're looking for.

    I have tried setting the aging time and shutdown time (to 1440)
    without any effect.

    Your help is greatly appreciated.
    Jon Whitear, Nov 4, 2003
    1. Advertisements

  2. Jon Whitear

    Peter Guest

    I can't speak directly for CATOS, I have ever used it with this
    function, however with IOS there are 3 levels of port security.
    Comparing the above Port Security settings terminology with IOS, the
    above appears to say to me that only ONE MAC can be present at a
    time on that port, however if the LINK goes DOWN, then the switch will
    re-learn a new MAC for that port. I think you need to turn on AGING to
    enable the switch to remember the MAC for a period of time AFTER the
    LINK goes down, so that a new MAC learnt before that AGING time
    expires will perform the shutdown.

    Peter, Nov 4, 2003
    1. Advertisements

  3. Jon Whitear

    Jon Whitear Guest

    I've tried setting the age timer to 1440 minutes (=1 day) without any
    effect. Setting the age to 0 should disable ageing, i.e. the mac
    address is permanent.

    The odd thing is, we have some Cat 4000s running version 5.5(1) with
    the same config, on which port security works fine.


    Jon Whitear, Nov 4, 2003
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.