
Port Security Issue

Jose-Net
Level 1

Hi all.

 

We recently implemented port security on almost all of our access Catalyst 2960-X switches, but are encountering an issue: if USER1 uses his laptop on a port configured with port security, he is able to access the internet (or any network resources). If he uses his laptop on a different switch that is not configured with port security, he won't be able to access any network resources (even ping fails) unless port security is turned off on his original access switch.

 

Note:

1. Switches are trunked together

2. Access vlan is 1

 

Running-Config (Port Security Switch):

SW-01-SEC#sh run int gig1/0/1
Building configuration...

Current configuration : 265 bytes
!
interface GigabitEthernet1/0/1
 switchport mode access
 switchport voice vlan 100
 switchport port-security maximum 2
 switchport port-security
 switchport port-security mac-address sticky
 mls qos trust cos
 spanning-tree portfast

 

 

Running-Config (Non Port-Security Switch):

 interface GigabitEthernet1/0/37
 switchport voice vlan 100
 mls qos trust cos
 spanning-tree portfast

 

 

Can anyone assist as to why this issue is happening?

 

 

4 Replies

Hi

I have not faced this issue before, but you could try applying an aging time under each interface with port security:

 

switchport port-security aging type inactivity

switchport port-security aging time <aging time in minutes>

 

It will remove the inactive MAC address after a specific time.

 

show port-security interface <interface> ; in order to see how it is applied. 

 

Hope it is useful

:-)




>> Mark as helpful or answered if the reply resolved your question; this helps other community members with future queries. <<

Hi Julio,

 

Thank you for your prompt reply. Unfortunately, this is not a viable solution as it will defeat the whole purpose of access control.

 

Is there any other solution you can think of that will do the trick?

Deepak Kumar
VIP Alumni

Hi,

I am not sure, but theoretically, I can understand that you may face an issue with port security with sticky. Please convert to dynamic.

 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

Unfortunately, configuring a static entry did not resolve the issue.
