cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
516
Views
0
Helpful
2
Replies

Port-Security issues with 3750

raj-toor
Level 1
Level 1

With Port security enabled, interface comes up, but cannot see a MAC on the interface, IP phones or systems don't get an IP address.

 

May 29 07:18:57: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin logged command:logging buffered 20480
May 29 07:21:56: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin logged command:interface GigabitEthernet1/0/13
May 29 07:21:58: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin logged command:shutdown
May 29 07:22:00: %LINK-5-CHANGED: Interface GigabitEthernet1/0/13, changed state to administratively down
May 29 07:22:01: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/13, changed state to down
May 29 07:22:14: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin logged command:switchport port-security maximum 5
May 29 07:22:14: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin logged command:switchport port-security violation restrict
May 29 07:22:15: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin logged command:switchport port-security
May 29 07:22:26: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin logged command:no shutdown
May 29 07:22:27: %ILPOWER-7-DETECT: Interface Gi1/0/13: Power Device detected: IEEE PD
May 29 07:22:28: %ILPOWER-5-POWER_GRANTED: Interface Gi1/0/13: Power granted
May 29 07:22:28: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/13, changed state to down
May 29 07:23:20: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/13, changed state to up
May 29 07:23:21: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/13, changed state to up

 

interface GigabitEthernet1/0/13
description Br126
switchport access vlan 90
switchport mode access
switchport voice vlan 91
switchport port-security maximum 5
switchport port-security violation restrict
switchport port-security
spanning-tree portfast

 

sh mac add int gi 1/0/13
Mac Address Table
-------------------------------------------

Vlan Mac Address Type Ports
---- ----------- -------- -----

 

show port-security | i Addr|1/0/13
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action
Gi1/0/13 5 1 0 Restrict

Total Addresses in System (excluding one mac per port) : 7
Max Addresses limit in System (excluding one mac per port) : 6144

-----------------------------------------------------------------------------------------------

 

If i remove port-security from the interface, everything works

 

May 29 07:38:43: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin logged command:interface GigabitEthernet1/0/13
May 29 07:38:45: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin logged command:shutdown
May 29 07:38:47: %LINK-5-CHANGED: Interface GigabitEthernet1/0/13, changed state to administratively down
May 29 07:38:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/13, changed state to down
May 29 07:38:54: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin logged command:no switchport port-security maximum 5
May 29 07:38:54: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin logged command:no switchport port-security violation
May 29 07:38:56: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin logged command:no switchport port-security
May 29 07:38:58: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin logged command:no shutdown
May 29 07:38:59: %ILPOWER-7-DETECT: Interface Gi1/0/13: Power Device detected: IEEE PD
May 29 07:38:59: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.94.15.2)
May 29 07:39:00: %ILPOWER-5-POWER_GRANTED: Interface Gi1/0/13: Power granted
May 29 07:39:00: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/13, changed state to down
May 29 07:39:36: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/13, changed state to up
May 29 07:39:37: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/13, changed state to up

 

sh mac address-table int gi 1/0/13
Mac Address Table
-------------------------------------------

Vlan Mac Address Type Ports
---- ----------- -------- -----
90 c062.6bd2.ef38 DYNAMIC Gi1/0/13
91 c062.6bd2.ef38 DYNAMIC Gi1/0/13
Total Mac Addresses for this criterion: 2

 

Switch version  15.0(2)SE1

2 Replies 2

pieterh
VIP
VIP

check if the phone is connected to the switch using the correct port (labeled "switch") , same for pc to phone (labeled "PC").

Hello

Try appying the port sec maximum on the voice and vlan

int x/x
switchport port-security maximum X vlan access
switchport port-security maximum X vlan voice

sh port-security interface x/x/x



Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
Review Cisco Networking for a $25 gift card