An incorrect switchport mode configuration causes the inability to configure port security on a switch in the Catalyst 2950 or 3550 series.
A port on a Catalyst 2950 or 3550 model must first be configured as an access port in order to configure port security. Set the interface mode as access by issuing the interface configuration switchport modeaccess command. An interface in the default mode (dynamic desirable) cannot be configured as a secure port.
These are some other guidelines for configuring port security:
Port security can only be configured on static access ports.
A secure port cannot be a dynamic access port or a trunk port.
A secure port cannot be a destination port for Switch Port Analyzer (SPAN).
A secure port cannot belong to an EtherChannel port group.
A secure port cannot be an 802.1X port.
You cannot configure static secure MAC addresses in the voice VLAN.
When you enable port security on a voice VLAN port, you must set the maximum allowed secure addresses on the port to at least two. When the port is connected to a Cisco IP phone, the IP phone requires two MAC addresses: one for the access VLAN and the other for the voice VLAN. Connecting a PC to the IP phone requires additional MAC addresses.
When port security is enabled on a port, the secure addresses on the port are deleted only if they are inactive for the specified aging time.You can issue the port security aging or switchport port-security aging time command to set the aging time for all dynamic and static secure addresses on a port.
I am using one Cisco SG300. I am trying to simulate two unmanaged switches in the cisco managed switch using VLANs.Port 3 - VLAN 2 - AccessPort 4 - VLAN 2 - AccessPort 5 - VLAN 3 - AccessGlobal STP - DisabledI am trying to test STP of another device. For ...
Hi, I have inheirited a network which is experiencing an intermittent issue. The network structure is two 4500 core switches which handle all routing between the various vlans. There are several access switches (2960s) connected to the core switches.There...
Hi all,I'm running the above router with a few catalyst switches. Config for the ISR attached.The problem being I want to use the router for tertiary DNS - I already have 2 x pi-holes internally taking care on a day to day basis for DNS.When I SSH t...
Hello all. I needed release notes for this particular IOS cat3k_caa-universalk9.16.12.03s.SPA.bin and could only find the link below. We need this ios to work with SDA is this link correct or can someone point me somewhere else please? &nb...