Solved: Re: Disable port security

samychihi21 · ‎06-13-2010

Good morning every body :-)

i need your help;

i activated the port security in my packet tracer, and now this is what i have:

Switch#show port-security int fast 0/3

Port Security : Enabled

Port Status : Secure-up

Violation Mode : Shutdown

Aging Time : 0 mins

Aging Type : Absolute

SecureStatic Address Aging : Disabled

Maximum MAC Addresses : 1

Total MAC Addresses : 1

Configured MAC Addresses : 1

Sticky MAC Addresses : 0

Last Source Address:Vlan : 00D0.D3D1.3B86:1

Security Violation Count : 0

actually i have 2 problems

1-i want desable port security

2-Sticky mac addresses is working fine after configuration, but it show always 0 except if i change Maximum MAC Addresses; is-it normal, or i made a mistake.

thank you very much for your help.

i'm new in cisco switching so i appreciate so much your help :-)

Regards.

Reza Sharifi · ‎06-13-2010

Hi Samy,

If you want to delete port security just login via cli and under that specific port do the following:

no switchport port-security maximum

no switchport port-security mac-address sticky

no switchport port-security

HTH

Reza

View solution in original post

Ganesh Hariharan · ‎06-14-2010

Good morning every body :-)

i need your help;

i activated the port security in my packet tracer, and now this is what i have:

Switch#show port-security int fast 0/3

Port Security : Enabled

Port Status : Secure-up

Violation Mode : Shutdown

Aging Time : 0 mins

Aging Type : Absolute

SecureStatic Address Aging : Disabled

Maximum MAC Addresses : 1

Total MAC Addresses : 1

Configured MAC Addresses : 1

Sticky MAC Addresses : 0

Last Source Address:Vlan : 00D0.D3D1.3B86:1

Security Violation Count : 0

actually i have 2 problems

1-i want desable port security

2-Sticky mac addresses is working fine after configuration, but it show always 0 except if i change Maximum MAC Addresses; is-it normal, or i made a mistake.

thank you very much for your help.

i'm new in cisco switching so i appreciate so much your help :-)

Regards.

Hi,

To disable port security on an interface, use the no form of this command.

switchport port-security
no switchport port-security

http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_s6.html

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

View solution in original post

Hitesh Vinzoda · ‎06-14-2010

Hi,

You can disable the port-security as suggested by Reza or Ganesh, The answer related to your 2nd question is as below

Switch#show port-security int fast 0/3

Port Security : Enabled

Port Status : Secure-up

Violation Mode : Shutdown

Aging Time : 0 mins

Aging Type : Absolute

SecureStatic Address Aging : Disabled

Maximum MAC Addresses : 1

Total MAC Addresses : 1

Configured MAC Addresses : 1 >> This should be "0"

Sticky MAC Addresses : 0 >> This should be "1"

Last Source Address:Vlan : 00D0.D3D1.3B86:1

Security Violation Count : 0

As you haven't configured the mac address it should be 0

also the mac address learned is via sticky so it should be 1

If you have configured sticky and port security is enabled than you are good to go. I think its problem with the packet tracert SIM.

View solution in original post

Ganesh Hariharan · ‎06-16-2010

Hello every body, thanks for your help :-)

As you can see bellow

Switch#show port-security int fast 0/3
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1
Last Source Address:Vlan   : 00D0.D3D1.3B86:1
Security Violation Count   : 0

after that i checked if i can remove the security-port and it is not working for port-security sticky

*Please see below and advice

Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int fast 0/3
Switch(config-if)#no switchport port-security maximum
Switch(config-if)#no switchport port-security mac-address sticky
Switch(config-if)#no switchport port-security
Switch(config-if)#^Z
%SYS-5-CONFIG_I: Configured from console by console
Switch#
Switch#
Switch#
Switch#show port-security int fast 0/3
Port Security              : Disabled
Port Status                : Secure-down
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1   => should be 0
Total MAC Addresses        : 0
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1    =>should be 0
Last Source Address:Vlan   : 00D0.D3D1.3B86:1
Security Violation Count   : 0

Switch#

Thanks in advance

Hi Samy,

If you disable sticky learning by using the no switchport port-security mac-address sticky interface configuration command or the running configuration is removed, the sticky secure MAC addresses remain part of the running configuration but are removed from the address table. The addresses that were removed can be dynamically reconfigured and added to the address table as dynamic addresses.Without the sticky option, the mac-address association goes away after a specified period of time.

When you configure sticky secure MAC addresses by using the switchport port-security mac-address sticky mac-address interface configuration command, these addresses are added to the address table and the running configuration. If port security is disabled, the sticky secure MAC addresses remain in the running configuration.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_37_se/command/reference/cli3.html#wp1948361

Hope to Help !!

Ganesh.H

View solution in original post

Reza Sharifi · ‎06-13-2010

Hi Samy,

If you want to delete port security just login via cli and under that specific port do the following:

no switchport port-security maximum

no switchport port-security mac-address sticky

no switchport port-security

HTH

Reza

Ganesh Hariharan · ‎06-14-2010

Good morning every body :-)

i need your help;

i activated the port security in my packet tracer, and now this is what i have:

Switch#show port-security int fast 0/3

Port Security : Enabled

Port Status : Secure-up

Violation Mode : Shutdown

Aging Time : 0 mins

Aging Type : Absolute

SecureStatic Address Aging : Disabled

Maximum MAC Addresses : 1

Total MAC Addresses : 1

Configured MAC Addresses : 1

Sticky MAC Addresses : 0

Last Source Address:Vlan : 00D0.D3D1.3B86:1

Security Violation Count : 0

actually i have 2 problems

1-i want desable port security

2-Sticky mac addresses is working fine after configuration, but it show always 0 except if i change Maximum MAC Addresses; is-it normal, or i made a mistake.

thank you very much for your help.

i'm new in cisco switching so i appreciate so much your help :-)

Regards.

Hi,

To disable port security on an interface, use the no form of this command.

switchport port-security
no switchport port-security

http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_s6.html

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

Hitesh Vinzoda · ‎06-14-2010

Hi,

You can disable the port-security as suggested by Reza or Ganesh, The answer related to your 2nd question is as below

Switch#show port-security int fast 0/3

Port Security : Enabled

Port Status : Secure-up

Violation Mode : Shutdown

Aging Time : 0 mins

Aging Type : Absolute

SecureStatic Address Aging : Disabled

Maximum MAC Addresses : 1

Total MAC Addresses : 1

Configured MAC Addresses : 1 >> This should be "0"

Sticky MAC Addresses : 0 >> This should be "1"

Last Source Address:Vlan : 00D0.D3D1.3B86:1

Security Violation Count : 0

As you haven't configured the mac address it should be 0

also the mac address learned is via sticky so it should be 1

If you have configured sticky and port security is enabled than you are good to go. I think its problem with the packet tracert SIM.

samychihi21 · ‎06-14-2010

Thank you very much for your help,

i will check that to nif=ght at home

@ Ganesh from TATA

happy to see your message, i always reply to your messages from Telecom italia sparkle :-)

samychihi21 · ‎06-15-2010

Hello every body, thanks for your help :-)

As you can see bellow

Switch#show port-security int fast 0/3
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1
Last Source Address:Vlan   : 00D0.D3D1.3B86:1
Security Violation Count   : 0

after that i checked if i can remove the security-port and it is not working for port-security sticky

*Please see below and advice

Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int fast 0/3
Switch(config-if)#no switchport port-security maximum
Switch(config-if)#no switchport port-security mac-address sticky
Switch(config-if)#no switchport port-security
Switch(config-if)#^Z
%SYS-5-CONFIG_I: Configured from console by console
Switch#
Switch#
Switch#
Switch#show port-security int fast 0/3
Port Security              : Disabled
Port Status                : Secure-down
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1   => should be 0
Total MAC Addresses        : 0
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1    =>should be 0
Last Source Address:Vlan   : 00D0.D3D1.3B86:1
Security Violation Count   : 0

Switch#

Thanks in advance

Ganesh Hariharan · ‎06-16-2010

Hello every body, thanks for your help :-)

As you can see bellow

Switch#show port-security int fast 0/3
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1
Last Source Address:Vlan   : 00D0.D3D1.3B86:1
Security Violation Count   : 0

after that i checked if i can remove the security-port and it is not working for port-security sticky

*Please see below and advice

Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int fast 0/3
Switch(config-if)#no switchport port-security maximum
Switch(config-if)#no switchport port-security mac-address sticky
Switch(config-if)#no switchport port-security
Switch(config-if)#^Z
%SYS-5-CONFIG_I: Configured from console by console
Switch#
Switch#
Switch#
Switch#show port-security int fast 0/3
Port Security              : Disabled
Port Status                : Secure-down
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1   => should be 0
Total MAC Addresses        : 0
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1    =>should be 0
Last Source Address:Vlan   : 00D0.D3D1.3B86:1
Security Violation Count   : 0

Switch#

Thanks in advance

Hi Samy,

If you disable sticky learning by using the no switchport port-security mac-address sticky interface configuration command or the running configuration is removed, the sticky secure MAC addresses remain part of the running configuration but are removed from the address table. The addresses that were removed can be dynamically reconfigured and added to the address table as dynamic addresses.Without the sticky option, the mac-address association goes away after a specified period of time.

When you configure sticky secure MAC addresses by using the switchport port-security mac-address sticky mac-address interface configuration command, these addresses are added to the address table and the running configuration. If port security is disabled, the sticky secure MAC addresses remain in the running configuration.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_37_se/command/reference/cli3.html#wp1948361

Hope to Help !!

Ganesh.H

samychihi21 · ‎06-16-2010

Dear Ganesh;

Thank you very much for your answer.

You are really helpful :-)

Regards