Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
629
Views
0
Helpful
4
Replies

Port Security Issue

Jose-Net
Level 1
Level 1

‎01-22-2018 02:44 AM - edited ‎03-08-2019 01:30 PM

Hi all.

 

We recently implemented port security on almost all of our access catalyst 2960-x switches, but are encountering some issues whereby if USER1 uses his laptop on a configured port-security port, he will be able to access internet (or any network resources) compared to if he uses his laptop on a different non-configured port-security switch whereby he wont be able to access any network resources (even ping fails) unless, port-security is turned off from his original access switch

 

Note:

1. Switches are trunked together

2. Access vlan is 1

 

Running-Config (Port Security Switch):

SW-01-SEC#sh run int gig1/0/1
Building configuration...

Current configuration : 265 bytes
!
interface GigabitEthernet1/0/1
 switchport mode access
 switchport voice vlan 100
 switchport port-security maximum 2
 switchport port-security
 switchport port-security mac-address sticky
 mls qos trust cos
 spanning-tree portfast

 

 

Running-Config (Non Port-Security Switch):

 interface GigabitEthernet1/0/37
 switchport voice vlan 100
 mls qos trust cos
 spanning-tree portfast

 

 

Can anyone assist as to why this issue is happening?

 

 

Labels:
0 Helpful
4 Replies 4

Julio E. Moisa
VIP
VIP

‎01-22-2018 04:30 AM - edited ‎01-22-2018 04:35 AM

Hi

I have not faced this issue before but you could try appling aging time under each interface with port security

 

switchport port-security aging type inactivity

switchport port-security aging time <aging time in minutes>

 

It will remove the inactive mac address into a specific time. 

 

show port-security interface <interface> ; in order to see how it is applied. 

 

Hope it is useful

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful

Jose-Net
Level 1
Level 1
In response to Julio E. Moisa

‎01-22-2018 08:41 PM

Hi Julio,

 

Thank you for your prompt reply. Unfortunately, this is not a viable solution as it will defeat the whole purpose of access control.

 

Is there any other solution you can think of that will do the trick?

0 Helpful

Deepak Kumar
VIP Alumni
VIP Alumni

‎01-22-2018 09:40 PM - edited ‎01-22-2018 10:44 PM

Hi,

I am not sure, but theoretically, I can understand that maybe will face issue with port security with sticky. Please convert to dynamic. 

 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful

Jose-Net
Level 1
Level 1
In response to Deepak Kumar

‎01-30-2018 01:19 AM

Unfortunately, configuring static entry did not resolve the issue.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card