cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
2855
Views
10
Helpful
9
Replies
jwilson
Beginner

Disable Port Security on SG switches

How can we disable Port Security on SG switches?

 

adTHANKSvance!

9 REPLIES 9
Georg Pauwen
VIP Expert

Hello,

 

which switch model are you talking about ? On the 350/350X/550X, you go to Security --> Port Security and then deselect the 'Interface Status' to unlock the port (page 317 of the attached admin guide)...

 

https://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/350xg/admin_guide/AG_Tesla_350_550.pdf

I assume by "deselect the 'Interface Status' " you mean change a Locked port to Unlocked.

But what I mean by "Disable Port Security" is turn off Port Security for all ports, so no ports will be ever be Locked.  I've tried every trick I can think of in the GUI.   And from the CLI I've done...

no port security max
no port security mode
no port security

...for every interface, and still the ports are getting locked.

These are SG350 and SG300 switches.

Thanks!

 

Did you ever find the answer to this.. having the exact same issues with 7 recently deployed SG350-52P's -- unlock them all via GUI / Set to Unlock and random ports re-lock...

 

Did the same on each interface via CLI and they still re-locked...

 

Thanks
Brady

SG350 & SG300.
Right, but then it gets locked again.

Hello,

 

odd indeed. What if you apply the 'no_desktop' smartport macro (page 191 of the attached guide) to the port ?

 

https://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/350xg/admin_guide/AG_Tesla_350_550.pdf

cdmoore1972
Beginner

We've seen this a bunch. The port security is set to on by default, which was unexpected and problematic as a result, because it was blocking stuff all over the place. 

 

However, even when we disabled port security in the GUI and through the command line, we're seeing ports continue to get locked up. 

 

We're on our third support call to Cisco to see how we can get this fixed, because we just deployed these switches all over. 

 

Allegedly firmware 2.5.5 and later will disable Smartport by default. We upgraded, but are still having issues. 

I have the same issue. No matter what i try the stupid switch randomly locks up ports and to make it worse it doesn't even show it's locked in the GUI. Cisco really made a mess of this switch series.

Net_Connect473
Beginner

It seems the settings built into the macros for Smartports turns on port security and sets dynamic locking on the ports with several of the built-in macros.  It appears the port security setting may not be looking at the dynamic hosts portion of the configuration.  We can set 256 hosts, plug the same device in and at some point port security seems to lock the port anyway, thus rendering it useless.

 

This is definitely different behavior than we saw the earlier SG300 and SG500 series switches. 

 

Has anyone developed a workaround that doesn't involve disabling Smartports entirely?

It also appears when there is a bunch of LLDP, EEE, and/or possibly CDP traffic on the switch that it seems to get confused and just decides to lock some or all of the ports that have dynamic locking enabled.