02-09-2019 10:18 PM - edited 03-08-2019 05:17 PM
I had problem with port security I configured port security for interface has 2 devices connected (ipphone+ pc) , Ip phone is working fine but pc is restricted and couldn't get an IP address
this is my configuration for the port : interface GigabitEthernet1/0/3
switchport access vlan 234
switchport mode access
switchport voice vlan 245
switchport port-security maximum 4
switchport port-security
switchport port-security violation restrict
switchport port-security mac-address sticky
switchport port-security mac-address sticky 0024.1d7e.5931
switchport port-security mac-address sticky 6899.cd84.e97a vlan voice
-----------------------------------------
sh port-security int g1/0/3
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Restrict
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 4
Total MAC Addresses : 2
Configured MAC Addresses : 0
Sticky MAC Addresses : 2
Last Source Address:Vlan : 0024.1d7e.5931:234
Security Violation Count : 0
Solved! Go to Solution.
02-10-2019 02:44 AM - edited 02-10-2019 02:45 AM
here is working for config from switch : (changed only VLAN and your MAC)
switchport access vlan 234
switchport mode access
switchport voice vlan 245
switchport port-security maximum 4
switchport port-security maximum 1 vlan access
switchport port-security maximum 1 vlan voice
switchport port-security
switchport port-security violation restrict
switchport port-security mac-address sticky
switchport port-security mac-address sticky 0024.1d7e.5931 <-- check the MAC Address again
switchport port-security mac-address sticky 6899.cd84.e97a vlan voice <-- check the MAC Address again
spanning-tree portfast
Let me know how it goes ?
02-10-2019 02:29 AM
Hello,
what platform is this on ?
What if you configure:
switchport port-security mac-address sticky 0024.1d7e.5931 vlan access
02-10-2019 02:44 AM - edited 02-10-2019 02:45 AM
here is working for config from switch : (changed only VLAN and your MAC)
switchport access vlan 234
switchport mode access
switchport voice vlan 245
switchport port-security maximum 4
switchport port-security maximum 1 vlan access
switchport port-security maximum 1 vlan voice
switchport port-security
switchport port-security violation restrict
switchport port-security mac-address sticky
switchport port-security mac-address sticky 0024.1d7e.5931 <-- check the MAC Address again
switchport port-security mac-address sticky 6899.cd84.e97a vlan voice <-- check the MAC Address again
spanning-tree portfast
Let me know how it goes ?
02-10-2019 11:55 PM
problem is solved really appreciate your help .
I just want to ask what if I add maximum 2 ? as I need to restrict two devices only to connect on this interface
02-11-2019 01:39 AM
02-11-2019 02:55 AM
Therefore, if I add maximum three it will be applicable ?
02-11-2019 04:23 AM
yes that do the job, any way even you allow more, you are already using Sticky with MAC address.
02-12-2019 01:21 AM
I'm little confused about this issue: if I sticky 2 mac address for example but maximum is 4 , that's mean if user connect addition device it will be allowed ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide