Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1521
Views
0
Helpful
5
Replies

port security and hubs

Andy White
Level 3
Level 3

‎04-19-2013 07:19 AM - edited ‎03-07-2019 12:55 PM

Hello,

I have a switch were I have added the following to the user ports:

errdisable recovery cause psecure-violation

errdisable recovery interval 60

interface fa x/x

switchport mode access

switchport port-security

spanning-tree portfast

spanning-tree bpduguard enable

On the hub port which has 7 ports (1 for uplink)

switchport mode access

switchport port-security

spanning-tree portfast

switchport port-fast maximum 7

spanning-tree bpduguard enable

Now a user took her laptop from the hub and moved to a port of the switch and the port went into err-disabled, how can I guess the mac-address of the her laptop stays inthe mac address table for 5 mins, what options do I have?  I need user to "roam" but also keep security as i don't want someone flooding ht CAM table with bogus mac addresses.

Thanks

Labels:
0 Helpful
5 Replies 5

cflory
Level 1
Level 1

‎04-19-2013 09:39 AM

I'm assuming 'switchport port-fast maximum 7' is a mistype?  Because that command doesn't exist, and could be your problem if you tried to enter it.

If it is, what does the output of 'show port-security interface ' give you, as far as Maximum MAC Addresses?

0 Helpful

aras.sepehri
Level 1
Level 1

‎04-19-2013 10:21 PM

If traffic with a secure MAC address that is configured or learned on one secure port attempts to access another secure port in the same VLAN, the switch will apply the configured violation mode

You can use aging type and aging time to clear  [inactive] learned addresses from a port.

Switch(config-if)# switchport port-security aging time 5


Switch(config-if)# switchport port-security aging type inactivity
0 Helpful

Andy White
Level 3
Level 3
In response to aras.sepehri

‎04-22-2013 02:52 AM

Hello,

That command does exist:

switchport port-security maximum ?

  <1-6144>  Maximum addresses

Means I could have an 8 port hub plugged into a port but lock it down to 8 mac addresses fromt hat port, or have I missed something?

0 Helpful

cflory
Level 1
Level 1
In response to Andy White

‎04-22-2013 04:19 AM

Agreed, that command works, but that's not what you originally posted:

switchport port-fast maximum 7

0 Helpful

Andy White
Level 3
Level 3
In response to cflory

‎04-22-2013 04:41 AM

I see what you mean, don't know how that happened, my apologies.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card