Port Security on a 2960 switch

nbhayman1
Level 1

Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!


I'm studying the 100-105 book by Odom and am currently on the topic of port security. I purchased a used 2960 and I'm trying to follow along on the switch as I go. Here's what I've done, as evidenced by the show run config command:


interface FastEthernet0/2
switchport mode access
switchport port-security

According to the book this should enable port security on the port with the following defaults:

Max allowed addresses: 1

Action: Shutdown

The book goes on to say that predefining any MAC addresses is optional and sticky learning is optional as well. I plug one of my MacBooks into Fa0/2, and the console responds with up/up. I unplug and plug another MacBook into Fa0/2 and it goes up/up again and doesn't go down. I do it a few more times and still no shutdown. I do a show port-security and I see that every time I unplug a MacBook, the current address count goes back to zero.


2960#sh port
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
      Fa0/2              1            0                  0         Shutdown


So either the book fails to mention that for the port security default action to take place, there needs to be a defined or sticky-learned address, or I'm doing something wrong.

1 Accepted Solution

Accepted Solutions

Marc66
Level 1
Hey :)

It's normal, port-security in your config will allow only 1 device on that port. So if you plug another switch, for example, into that port, the port will indeed shut down as soon as you plug your MacBook into that new switch ;)

If you want the switch to learn the first MAC address and allow only that MAC address on that port, you need to issue the following command on the port:

switchport port-security mac-address sticky

Marc


2 Replies


Marc66,

Thanks so much for the explanation! I didn't have an extra switch to test the scenario, however I set it up in Packet Tracer with a trunk between the two switches and the default port security on the port on the far side of the scenario, and when I connected a PC it did exactly what you said it would. So with two switches and a PC, the default port security setup on the far switch is shutting down the port because the port with the security configured already has the MAC address of the interface at the other end of the trunk in its table, and when the PC gets added it gets pushed past one.
Got it.
Thanks again
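An added example, not from the thread and not Cisco code: a small Python model of the port-security behaviour the question and the accepted answer describe (dynamically learned secure addresses are flushed when the link goes down, sticky ones are kept, and the default action on a violation is shutdown/err-disable). The MAC addresses are constructed. It shows why swapping laptops one at a time never trips the default, while sticky learning, or a second switch with a PC behind it, does.

```python
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    """Model of one access port with 'switchport port-security' applied.

    Assumptions (behaviour as described in the thread, not a full IOS model):
    dynamic secure MACs are dropped on link down, sticky ones survive it,
    and the default violation action is shutdown (err-disabled).
    """
    maximum: int = 1
    sticky: bool = False
    secure_macs: set = field(default_factory=set)
    link_up: bool = False
    err_disabled: bool = False
    violations: int = 0

    def link(self, up: bool) -> None:
        self.link_up = up
        if not up and not self.sticky:
            # CurrentAddr drops back to 0 after every unplug, as the
            # 'show port-security' output in the question shows.
            self.secure_macs.clear()

    def frame_from(self, mac: str) -> str:
        """Return what the port does with a frame sourced from `mac`."""
        if self.err_disabled or not self.link_up:
            return "dropped"
        if mac in self.secure_macs:
            return "forwarded"
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(mac)  # learned as a secure address
            return "forwarded"
        self.violations += 1
        self.err_disabled = True  # default action: shutdown
        return "shutdown"


def one_laptop_at_a_time(sticky: bool) -> str:
    """The question's test: MacBook A, unplug, then MacBook B (constructed MACs)."""
    port = SecurePort(sticky=sticky)
    port.link(True)
    port.frame_from("aa:aa:aa:aa:aa:01")
    port.link(False)
    port.link(True)
    return port.frame_from("aa:aa:aa:aa:aa:02")


def switch_behind_port() -> str:
    """Marc's scenario: the far switch's MAC is learned first, then a PC shows up."""
    port = SecurePort()
    port.link(True)
    port.frame_from("cc:cc:cc:cc:cc:01")  # far switch's interface (constructed)
    return port.frame_from("bb:bb:bb:bb:bb:01")  # the PC (constructed)
```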