06-20-2023 02:58 PM
I have recently configured port security in all ports only two ports error-disable and after i have shut no shut but no luck. I tried mode auto and full duplex but no luck.
anyone can help?
06-21-2023 09:29 AM
switchport port-security mac-address sticky <<- we decide to remove this command ?? why you add it again ?
06-21-2023 09:55 AM
Okay Will do again default port and do it and update the same.
06-21-2023 11:37 AM
Typo error sorry about that.
still same issue as per following configuration. This switch random ports are going to error -disable till now 2 ports are facing same issue all ports configuration is same.
interface GigabitEthernet5/46
switchport access vlan XX
switchport mode access
switchport voice vlan XX
switchport port-security maximum 10
switchport port-security
auto qos voip cisco-softphone
spanning-tree portfast edge
spanning-tree bpduguard enable
service-policy input AutoQos-4.0-Cisco-Softphone-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
end
CLEV-SR-IDF-2#show int gi5/46
GigabitEthernet5/46 is down, line protocol is down (err-disabled)
Hardware is Gigabit Ethernet Port, address is a0ec.f99e.b5e3 (bia a0ec.f99e.b5e3)
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Auto-duplex, Auto-speed, link type is auto, media type is 10/100/1000-TX
input flow-control is off, output flow-control is off
Auto-MDIX on (operational: on)
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:14, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 264674
Queueing strategy: Class-based queueing
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 43000 bits/sec, 1 packets/sec
1865177404 packets input, 1361813692712 bytes, 0 no buffer
Received 4161589 broadcasts (4043611 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
06-21-2023 11:38 AM
If i will bounce port than again it will going to error disable. It was working only if I will remove disable port security.
06-21-2023 11:40 AM
Do these steps
Show mac address
Check the mac of pc and phone
Then do
Show running
So you see staitc maç address of pc and phone appear in running config?
06-21-2023 11:57 AM
Show mac address command showing me two mac but configuration show run not showing me any mac address
CLEV-SR-IDF-2#show mac address-table | in GigabitEthernet5/46
20 24d9.2147.21c1 dynamic ip,ipx,assigned,other GigabitEthernet5/46
40 806d.9725.12f7 dynamic ip,ipx,assigned,other GigabitEthernet5/46
interface GigabitEthernet5/46
switchport access vlan 40
switchport mode access
switchport voice vlan 20
switchport port-security maximum 10
auto qos voip cisco-softphone
spanning-tree portfast edge
spanning-tree bpduguard enable
service-policy input AutoQos-4.0-Cisco-Softphone-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
06-21-2023 11:59 AM
Can I see show running
Thanks
MHM
06-21-2023 12:01 PM
Do you mean whole configuration ?
06-21-2023 12:03 PM
Yes, hide any public IP and share here
06-22-2023 09:32 AM
Earlier we have configured 802.11 authenticate. does that affect anything.
Random ports going to error disable after allow 10 mac address
ip dhcp snooping vlan xx
no ip dhcp snooping information option
ip dhcp snooping
ip device tracking probe auto-source
vtp mode transparent
authentication mac-move permit
access-session acl default passthrough
epm logging
!
dot1x system-auth-control
diagnostic bootup level complete
errdisable recovery cause link-flap
errdisable recovery interval 60
power redundancy-mode redundant
!
spanning-tree mode pvst
spanning-tree extend system-id
!
redundancy
mode sso
06-22-2023 09:38 AM
Alot' port security with 802.1x not work together' or work but with limitations.
So select one of them.
Thanks
MHM
06-22-2023 09:48 AM
can i remove following few commands from switch?
ip dhcp snooping vlan xx
no ip dhcp snooping information option
ip dhcp snooping
ip device tracking probe auto-source
vtp mode transparent
authentication mac-move permit
access-session acl default passthrough
epm logging
!
dot1x system-auth-control
diagnostic bootup level complete
errdisable recovery cause link-flap
errdisable recovery interval 60
power redundancy-mode redundant
!
spanning-tree mode pvst
spanning-tree extend system-id
!
redundancy
mode sso
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide