Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
698
Views
0
Helpful
4
Replies

authentication with port security in 2960x switch

kareem.shahat
Level 1
Level 1

‎12-09-2017 03:42 AM - last edited on ‎03-25-2019 04:46 PM by Community Manager

After upgrading to version 15.2.2 E7 i have problem when running mac authentication with port security

 

ex: i have  pc with mac 1077.b159.0623 which authenticate from radius server (Aruba clearpass version 6.6.8.1000017 ) assign it in  vlan 141 

commands on interface :

switchport mode access
switchport port-security mac-address sticky
switchport port-security mac-address sticky 1077.b159.0623 vlan voice
duplex full
authentication order mab
authentication priority mab
authentication port-control auto
authentication periodic
authentication violation restrict
mab
storm-control broadcast level 1.00
spanning-tree portfast
spanning-tree bpduguard enable

 

1. when i enable port security with mac authentication (maximum mac address 2 ) it show that the mac address in vlan voice although it is not in vlan voice , in the radius server show that this mac address was already accepted and assigned already in vlan 141  

 

switchport port-security mac-address sticky 1077.b159.0623 vlan voice

 

2. but if i enable mac add with maximum 1 for port security the interface is in error-disable mode 

#show inter g4/0/21 status

Port               Name              Status                   Vlan                         Duplex Speed Type
Gi4/0/21                            err-disabled            1                            full auto 10/100/1000BaseTX

Labels:
0 Helpful
4 Replies 4

Georg Pauwen
VIP
VIP

‎12-09-2017 05:28 AM

Hello.

 

is that a standalone switch, or part of a stack ?

0 Helpful

kareem.shahat
Level 1
Level 1
In response to Georg Pauwen

‎12-09-2017 05:32 AM

part of stack 

0 Helpful

Georg Pauwen
VIP
VIP
In response to kareem.shahat

‎12-09-2017 05:45 AM - edited ‎12-09-2017 05:47 AM

Hello,

 

you could be hitting one of the bugs below:

 

Port-security not working after upgrade to 152-2.E7 on 2960X stack.
CSCvg85032
Description
Symptom:
2960X stacks running 15.2(2)E7 having port-security enabled.

Conditions:
Upgrading to 152-2.E7 with port-security configured.

Workaround:
Removing the port-security on the port resolves the issue.

 

MAC synch is not working on stack of 2960x when port-security enabled
CSCvg64424
Description
Symptom:
Switch does not learn MAC address on ports where port security is enabled.

Conditions:
2960X stacked running 15.2(2)E6

Workaround:
Remove port-securityfrom ports

0 Helpful

kareem.shahat
Level 1
Level 1
In response to Georg Pauwen

‎12-09-2017 06:03 AM

Thanks for your help

 

I want to notify you that the port security already working well when i assign the port in access vlan 141 manually 

but when i run mac authentication with port security the issue happen, i want to run mac authentication with port security in the same time.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card