As per port security guidelines and restrictions, you cannot enable port security on EtherChannels and a secure port cannot belong to an EtherChannel port-channel interface. But, the issue is when you are able to configure the maximum number of secure MAC addresses on a port-channel interface.
In this sample configuration, you can set the aging time and maximum MACs:
Alternatively, an EtherChannel does not form with ports where the port security feature is enabled.
Cisco IOS allows you to configure the port security features, such as aging time and maximum MACs, but port security is not actually enabled on this port. Hence, the switch basically ignores the configurations.
In order to enable port security, you need the command switchport port-security by itself. Also, if you try on the ports that are part of EtherChannel, the switch does not accept the command and displays an error as this example output shows:
Switch#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#interface po10 Switch(config-if)#switch port-security aging time 23 Switch(config-if)#switch port-security Command rejected: Port-channel10 is channelling.
Hi everyoneAfter i upgraded C6800-SUP6T-XL firmware to s6t64-adventerprisek9-mz.SPA.155-1.SY5.binand reloadSEC BOOT FAIL message keeps coming up and it's stuck on this state i've tried pressing reset button and rebooting but it didn't work...
The "web ui only" software upgrade in the Catalyst CCP GUI does not work (v1.8.2) and earlier. It seems to puts the TAR file onto the switch ok and untars it ok into a folder but does not activate it. you can find the folder in the flash: drive as <som...
when we have separated control plane node and border node so there will be IBGP session between CP and Border node and CP will advertise all the lisp database via summarization to the Border node so what will be the next hop at Border for this routes that...
hi we have got C1111-8PLTELA with ipbase and security license. the firmware which was with the router supported only smart license. because of that we downgraded to c1100-universalk9_ias.16.09.02.SPA.bin. when we check show license, i...
i have an cisco on-prem sdwan deployment where they need to host the controller's behind a dmz firewall. They need these controller's to be reachable over mpls and internet . I have successfully onboarded the cedges over the internet . But the control lin...