Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1135
Views
0
Helpful
7
Replies

no switchport port-security maximum 2 is not work

zhang1989xiaoran
Level 1
Level 1

‎03-15-2022 01:21 AM

cisco-A20911954#show running-config interface gigabitEthernet 1/0/8
Building configuration...

Current configuration : 271 bytes
!
interface GigabitEthernet1/0/8
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 250,4094
switchport mode trunk
switchport port-security maximum 2
authentication host-mode multi-host
authentication port-control auto
dot1x pae authenticator
end

cisco-A20911954#show port-
cisco-A20911954#show port-security ?
address Show secure address
interface Show secure interface
| Output modifiers
<cr>

cisco-A20911954#show port-security
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action
(Count) (Count) (Count)
---------------------------------------------------------------------------
---------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port) : 1
Max Addresses limit in System (excluding one mac per port) : 2048
cisco-A20911954#show mac add
cisco-A20911954#show mac address-table inter
cisco-A20911954#show mac address-table interface GigabitEthernet1/0/8
Mac Address Table
-------------------------------------------

Vlan Mac Address Type Ports
---- ----------- -------- -----
1 041d.c71f.1699 STATIC Gi1/0/8
Total Mac Addresses for this criterion: 1

 

 

cisco-A20911954(config)#interface GigabitEthernet1/0/8
cisco-A20911954(config-if)#no switchport port-security maximum 2
Maximum is less than number of currently secured mac-addresses.

Labels:
0 Helpful
7 Replies 7

marce1000
VIP
VIP

‎03-15-2022 02:41 AM

 

          - Try this procedure :

  1. Shutdown the port
  2. remove port-security (no port-security)
  3. reconfigure port security   (according to your intentions)
  4. no shutdown the port

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

zhang1989xiaoran
Level 1
Level 1
In response to marce1000

‎03-15-2022 04:31 AM

Thank you for your feedback

 

cisco-A20911954(config)#inter
cisco-A20911954(config)#interface gi
cisco-A20911954(config)#interface gigabitEthernet 1/0/8
cisco-A20911954(config-if)#shutdown
cisco-A20911954(config-if)#no sw
cisco-A20911954(config-if)#no switchport port-s
cisco-A20911954(config-if)#no switchport port-security
cisco-A20911954(config-if)#no sw
cisco-A20911954(config-if)#no switchport port
cisco-A20911954(config-if)#no switchport port-security max
cisco-A20911954(config-if)#no switchport port-security maximum 2
Maximum is less than number of currently secured mac-addresses.

it does not solve my problem

0 Helpful

marce1000
VIP
VIP
In response to zhang1989xiaoran

‎03-15-2022 04:57 AM

 

           - What device model is this and what is the software version , that it is currently running ?

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

zhang1989xiaoran
Level 1
Level 1
In response to marce1000

‎03-15-2022 05:43 PM

cisco-A20911954#show version
Cisco IOS Software, C3750 Software (C3750-IPSERVICESK9-M), Version 12.2(55)SE1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Thu 02-Dec-10 07:46 by prod_rel_team
Image text-base: 0x01000000, data-base: 0x02F00000

ROM: Bootstrap program is C3750 boot loader
BOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.2(44)SE5, RELEASE SOFTWARE (fc1)

cisco-A20911954 uptime is 18 weeks, 16 hours, 33 minutes
System returned to ROM by power-on
System image file is "flash:c3750-ipservicesk9-mz.122-55.SE1.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco WS-C3750G-24TS-1U (PowerPC405) processor (revision H0) with 131072K bytes of memory.
Processor board ID FOC1446V3VR
Last reset from power-on
5 Virtual Ethernet interfaces
28 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 08:17:35:78:D3:00
Motherboard assembly number : 73-10219-09
Power supply part number : 341-0098-02
Motherboard serial number : FOC14464P7H
Power supply serial number : AZS143912L9
Model revision number : H0
Motherboard revision number : A0
Model number : WS-C3750G-24TS-S1U
System serial number : FOC1446V3VR
Top Assembly Part Number : 800-26859-03
Top Assembly Revision Number : B0
Version ID : V05
CLEI Code Number : COMB600BRA
Hardware Board Revision Number : 0x09


Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 28 WS-C3750G-24TS-1U 12.2(55)SE1 C3750-IPSERVICESK9-M


Configuration register is 0xF

cisco-A20911954#show run
cisco-A20911954#show running-config inter
cisco-A20911954#show running-config interface Gi
cisco-A20911954#show running-config interface GigabitEthernet1/0/8
Building configuration...

Current configuration : 84 bytes
!
interface GigabitEthernet1/0/8
switchport port-security maximum 2
shutdown
end

 

0 Helpful

marce1000
VIP
VIP
In response to zhang1989xiaoran

‎03-16-2022 12:22 AM

 

 - When the port is shutdown try :  default  interface GigabitEthernet1/0/8 , and try the intended configuration on  the port again , including the rest of the settings.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

zhang1989xiaoran
Level 1
Level 1
In response to marce1000

‎03-16-2022 06:47 PM

cisco-A20911954(config-if)#shutdown
cisco-A20911954(config-if)#exit
cisco-A20911954(config)#defua
cisco-A20911954(config)#defa
cisco-A20911954(config)#default interface GigabitEthernet1/0/8
Maximum is less than number of currently secured mac-addresses.
% Error(s) seen setting interface GigabitEthernet1/0/8 to it's default config
cisco-A20911954(config)#default interface GigabitEthernet1/0/8
Maximum is less than number of currently secured mac-addresses.
% Error(s) seen setting interface GigabitEthernet1/0/8 to it's default config
cisco-A20911954(config)#

 

it's no work!

 

is this  a bug?

 

0 Helpful

marce1000
VIP
VIP
In response to zhang1989xiaoran

‎03-17-2022 12:00 AM

 

         - Reboot the device and try again (with default interface GigabitEthernet1/0/8)

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful
Customers Also Viewed These Support Documents