Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
340
Views
0
Helpful
0
Replies

Port Security - Networking Issues

mnes02
Level 1
Level 1

‎10-02-2020 04:50 AM

Hello everyone, 

 

I have this weird issue when activating Port-Security on my 2960X Stack. 

Switch Type: WS-C2960X-48LPD-L 

Firmware:      15.2(2)E6

 

First of all my Port Configuration:

 

interface GigabitEthernet1/0/29
description Client Port
switchport mode access
switchport nonegotiate
switchport voice vlan 2
switchport port-security maximum 4
switchport port-security maximum 2 vlan access
switchport port-security maximum 2 vlan voice
switchport port-security
srr-queue bandwidth share 1 30 35 5
priority-queue out
snmp trap mac-notification change added
snmp trap mac-notification change removed
no snmp trap link-status
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
storm-control broadcast level pps 1k
storm-control multicast level pps 1k
storm-control action shutdown
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY

 

On this specific Port a Cisco Phone (CP-8845) is connected. As soon as I type the "switchport port-security" command.

The phone goes to registering and won't register anymore.

 

Mac Address Table before Activating Port - Security


sh mac address-table int gi1/0/29
Mac Address Table
-------------------------------------------

Vlan Mac Address Type Ports
---- ----------- -------- -----
1 0076.86fd.2213 DYNAMIC Gi1/0/29
2 0076.86fd.2213 DYNAMIC Gi1/0/29
Total Mac Addresses for this criterion: 2

 

Port Security on Port before Activating:

       sh port-security int gi1/0/29
Port Security : Disabled
Port Status : Secure-down
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 4
Total MAC Addresses : 0
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : 0076.86fd.2213:2
Security Violation Count : 0

 

After activating Port Security the MAC Address Table empties out:

 

do sh mac address-table int gi1/0/29
Mac Address Table
-------------------------------------------

Vlan Mac Address Type Ports
---- ----------- -------- -----

 

 

Port Security after activating

sh port-security int gi1/0/29
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 4
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : 0076.86fd.2213:2
Security Violation Count : 0

 

sh port-security int gi1/0/29 address
Secure Mac Address Table
-----------------------------------------------------------------------------
Vlan Mac Address Type Ports Remaining Age
(mins)
---- ----------- ---- ----- -------------
2 0076.86fd.2213 SecureDynamic Gi1/0/29 -
-----------------------------------------------------------------------------
Total Addresses: 1

 

Address is learned by the Port Security but no longer in the MAC Address Table and the Phone is in "Registration in Progress"

 

Has anyone ever experienced such an issue? I'd like to enable Port-Security within my network.

 

Kind Regards,
Maximillian

 

 

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents