Re: Cisco 3850 Port Security

14101R14944A · ‎03-29-2020

Hello

I have a Cisco 3850 that has desktops and printers port secured by MAC address, I need to replace the desktops and printers.

What commands can I use for no port security, then replace the desktops and printers, then port secure by the new MAC adresse's?

Thank you
14944A

omz · ‎03-29-2020

Hi

I would first do

show run [interface interface_id]

show port-security [interface interface_id]

to see how port-security is already configured. It's important to note what is already configured .. sticky, max, violation, secure addresses ..

have a look at this document -

https://www.cisco.com/en/US/docs/switches/lan/catalyst3850/software/release/3.2_0_se/multibook/configuration_guide/b_consolidated_config_guide_3850_chapter_011111.html#concept_AF4C225785F24B95A1052052BC6CD195

no switchport port-security to return the interface to the default condition as not a secure port

change the mac-address in the interface config and copy/paste

hope this helps

14101R14944A · ‎03-30-2020

Close this, I was expecting an more mature answer I found at another site, come on guys!

Remove Old MAC Address

no switchport port-security

no switchport port-security mac-address sticky

no switchport port-security mac-address sticky 0023.044b.75b0 (Current MAC)

Add New MAC Address

switchport port-security

switchport port-security mac-address sticky

switchport port-security mac-address sticky 0023.044b.75b0 (Whatever new MAC)

Cristian Matei · ‎03-30-2020

Hi,

If you have not configured static or sticky MAC addresses, there is nothing to be done, just connect your new devices and the switch will learn the new "secure" MAC addresses. However, if you have used static, you would have to remove those MAC address from each port configuration, and manually configure the new ones; if you used sticky, shutdown the port, remove the sticky MAC addresses, connect the new devices, and reactive the port.

Regards,

Cristian Matei.