08-14-2012 03:18 PM - edited 03-07-2019 08:20 AM
I'm trying to enable port security on several 4507R's. When I try to configure a range of ports the switch will randomly put 1 or 2 in err-disable. It's different every time I apply the config to the same group of ports. However if I do them one at a time it seems to work. But I really don't want to configure 6 fully populated switches one port at a time. We also have a lot of 3750's and they gave me no problem using a port range.
Here is the config I'm trying to configure
switchport port-security
switchport port-security maximum 2
switchport port-security aging time 1
switchport port-security aging type inactivity
The IOS version is. 12.2(25)EWA8
Solved! Go to Solution.
08-14-2012 05:58 PM
Try rearranging the order in which you put the commands in. Put "switchport port-security" in last, as immediately when you enter this command, port security is enabled with the default maximum of 1 mac address per interface. If a port has two hosts on it before the next command setting the maximum to 2 is entered, it will get disabled.
Another option is to temporarily enable error disable recovery:
errdisable recovery cause psecure-violation
errdisbale recovery interval 'seconds'
Sent from Cisco Technical Support iPad App
08-14-2012 05:58 PM
Try rearranging the order in which you put the commands in. Put "switchport port-security" in last, as immediately when you enter this command, port security is enabled with the default maximum of 1 mac address per interface. If a port has two hosts on it before the next command setting the maximum to 2 is entered, it will get disabled.
Another option is to temporarily enable error disable recovery:
errdisable recovery cause psecure-violation
errdisbale recovery interval 'seconds'
Sent from Cisco Technical Support iPad App
08-15-2012 07:13 AM
Thanks. I'll try that tonigh and let you know.
08-15-2012 07:38 AM
Hi,
Make sure the ports you're trying to configure are access ports (switchport mode access).
Sent from Cisco Technical Support iPhone App
08-16-2012 01:33 PM
That did the trick. I put switchport port-security at the bottom and when I applied it to ranges no ports went int err-disable.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide