I had problem with port security I configured port security for interface has 2 devices connected (ipphone+ pc) , Ip phone is working fine but pc is restricted and couldn't get an IP address
this is my configuration for the port : interface GigabitEthernet1/0/3
switchport access vlan 234
switchport mode access
switchport voice vlan 245
switchport port-security maximum 4
switchport port-security
switchport port-security violation restrict
switchport port-security mac-address sticky
switchport port-security mac-address sticky 0024.1d7e.5931
switchport port-security mac-address sticky 6899.cd84.e97a vlan voice
-----------------------------------------
sh port-security int g1/0/3
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Restrict
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 4
Total MAC Addresses : 2
Configured MAC Addresses : 0
Sticky MAC Addresses : 2
Last Source Address:Vlan : 0024.1d7e.5931:234
Security Violation Count : 0
Solved! Go to Solution.
here is working for config from switch : (changed only VLAN and your MAC)
switchport access vlan 234
switchport mode access
switchport voice vlan 245
switchport port-security maximum 4
switchport port-security maximum 1 vlan access
switchport port-security maximum 1 vlan voice
switchport port-security
switchport port-security violation restrict
switchport port-security mac-address sticky
switchport port-security mac-address sticky 0024.1d7e.5931 <-- check the MAC Address again
switchport port-security mac-address sticky 6899.cd84.e97a vlan voice <-- check the MAC Address again
spanning-tree portfast
Let me know how it goes ?
Hello,
what platform is this on ?
What if you configure:
switchport port-security mac-address sticky 0024.1d7e.5931 vlan access
here is working for config from switch : (changed only VLAN and your MAC)
switchport access vlan 234
switchport mode access
switchport voice vlan 245
switchport port-security maximum 4
switchport port-security maximum 1 vlan access
switchport port-security maximum 1 vlan voice
switchport port-security
switchport port-security violation restrict
switchport port-security mac-address sticky
switchport port-security mac-address sticky 0024.1d7e.5931 <-- check the MAC Address again
switchport port-security mac-address sticky 6899.cd84.e97a vlan voice <-- check the MAC Address again
spanning-tree portfast
Let me know how it goes ?
problem is solved really appreciate your help .
I just want to ask what if I add maximum 2 ? as I need to restrict two devices only to connect on this interface
Therefore, if I add maximum three it will be applicable ?
yes that do the job, any way even you allow more, you are already using Sticky with MAC address.
I'm little confused about this issue: if I sticky 2 mac address for example but maximum is 4 , that's mean if user connect addition device it will be allowed ?