Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3291
Views
5
Helpful
13
Replies

port security config camera not working

Go to solution
warner1
Level 1
Level 1

‎02-01-2021 04:25 AM

Hello all

after port security configuration in the switch my cameras are not working. 

all the other devices in the same switch are working like Biometric.

please help me out in this regards.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marcelo Morais
VIP
VIP
In response to warner1

‎02-03-2021 09:45 AM

Hi @warner1 

 if my understanding is correct, your issue is not configuring MAB with ISE ... the point is, you have to configure port-security, but there is an issue between the port-security configuration and the Camera.

 

 To troubleshoot port-security:

 

debug port-security

 

Try some simple configurations like:

 

interface <interface>
 shut
 switchport access vlan <VLAN>
 switchport mode access
 switchport port-security maximum 3
 switchport port-security violation  restrict
 switchport port-security
 spanning-tree portfast
 no shut

 

then you can use the Camera MAC Addr:

 

interface <interface>
 shut
 no switchport port-security maximum 3
 switchport port-security mac-address stick [MAC Addr]
 no shut

 

Hope this helps !!!

View solution in original post

0 Helpful
13 Replies 13

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎02-01-2021 04:30 AM

Camera will be MAB authentication, can you post one of the port configuraiton where Camera connected and not working

what you see on the Logs of switch and ISE ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Marcelo Morais
VIP
VIP

‎02-01-2021 06:33 AM - edited ‎02-01-2021 06:34 AM

Hi @warner1 

 take a look at the following link: ISE Secure Wired Access Prescriptive Deployment Guide  ... search for port-security.

 

Hope this helps !!!

0 Helpful

Go to solution
warner1
Level 1
Level 1
In response to Marcelo Morais

‎02-01-2021 10:53 PM

still i didnt get this....? please help me out in this.

Even though the port-security interface command enforces MAC address limit, it is not compatible with the authentication/dot1x configurations on the switch port. In general, we recommend that you do not enable port security when IEEE 802.1x is enabled.

 

0 Helpful

Go to solution
Marcelo Morais
VIP
VIP
In response to warner1

‎02-02-2021 03:13 AM

Hi @warner1 

 the port-secutiy is at Switch Level ... and the 802.1x is an ISE feature (in your case you are using the DOT1X/MAB configuration), that's why it's not recommended to use port-security with 802.1x.

 

Hope this helps !!!

0 Helpful

Go to solution
warner1
Level 1
Level 1
In response to Marcelo Morais

‎02-02-2021 03:44 AM

Thanks @Marcelo Morais for your reply

now what i have to do for configuration of port security as it is necessary for me to configure it without going off the cameras.

i will be thankful to you for your support.

Go to solution
ahollifield
VIP
VIP
In response to warner1

‎02-02-2021 04:49 AM - edited ‎02-02-2021 04:50 AM

Are you trying to use both port-security and 802.1X or just port security?

0 Helpful

Go to solution
Marcelo Morais
VIP
VIP
In response to warner1

‎02-02-2021 12:16 PM

Hi @warner1 

 could you please share why the port-security is a must for you? Why not configuring MAB on the port?

 

For port-security configuration: How to configure port-security.

For MAB configuration: Steps to configure ISE for MAB.

 

Hope this helps !!!

0 Helpful

Go to solution
warner1
Level 1
Level 1
In response to Marcelo Morais

‎02-03-2021 12:46 AM

Hi @Marcelo Morais 

As my manager said to configure port security to all the ports in the switch and i configured all the ports except for the camera ports. i spoke with the camera team as well but they to dont have any idea of it. what would be the best solution in your view.

please guide me in this scenario.

0 Helpful

Go to solution
ahollifield
VIP
VIP
In response to warner1

‎02-03-2021 09:14 AM

Do you have both 802.1X/MAB and Port security enabled on the switchport?  Please share your switchport configuration.

0 Helpful

Go to solution
Marcelo Morais
VIP
VIP
In response to warner1

‎02-03-2021 09:45 AM

Hi @warner1 

 if my understanding is correct, your issue is not configuring MAB with ISE ... the point is, you have to configure port-security, but there is an issue between the port-security configuration and the Camera.

 

 To troubleshoot port-security:

 

debug port-security

 

Try some simple configurations like:

 

interface <interface>
 shut
 switchport access vlan <VLAN>
 switchport mode access
 switchport port-security maximum 3
 switchport port-security violation  restrict
 switchport port-security
 spanning-tree portfast
 no shut

 

then you can use the Camera MAC Addr:

 

interface <interface>
 shut
 no switchport port-security maximum 3
 switchport port-security mac-address stick [MAC Addr]
 no shut

 

Hope this helps !!!

0 Helpful

Go to solution
ahollifield
VIP
VIP

‎02-01-2021 12:38 PM

Do you mean port-security like the built in sticky MAC, etc. on the switch.  Or are you configuring 802.1X/MAB on the switchport?

0 Helpful

Go to solution
warner1
Level 1
Level 1
In response to ahollifield

‎02-01-2021 10:54 PM

i tried both of it but still not working my cameras are going off.

0 Helpful

Go to solution
ahollifield
VIP
VIP
In response to warner1

‎02-02-2021 04:50 AM

Port-security is not supported with 802.1X.  You should either choose to use 802.1X pointed at ISE or authentication or port-security.  

0 Helpful
Customers Also Viewed These Support Documents