Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8103
Views
5
Helpful
6
Replies

Port status secure-down but device is connected to the port.

umer zubairi
Level 1
Level 1

‎02-04-2016 04:52 AM - edited ‎03-08-2019 04:28 AM

Gents,

Got an issue with a 3750X series to which my Access Points are connected.

One of the ports is showing secure-down although an AP is connected to it.

Output is given hereunder:

Port Security : Enabled
Port Status : Secure-down
Violation Mode : Restrict
Aging Time : 5 mins
Aging Type : Inactivity
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 2
Total MAC Addresses : 0
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : 0000.0000.0000:0
Security Violation Count : 0

Any option to bring this port back to life?

Thanks in advance!!

1 person had this problem
Labels:
6 Replies 6

Mark Malone
VIP Alumni
VIP Alumni

‎02-04-2016 05:24 AM

Hey

port-security on the port has most likely  shut it down , what's the show run off that port ? If you do show mac address for that interface is it seeing more than 2 macs  ?

If you remove ps does it come back up least that will identify it as port security issue

0 Helpful

Peter Paluch
Cisco Employee
Cisco Employee
In response to Mark Malone

‎02-04-2016 05:45 AM

Hi Umer, Mark,

Hmmm, this does not look like a port being err-disabled because of security violation. The violation action on this port is Restrict, not Shutdown, so the port would not have been shutdown as a result of a security violation, and even then, the port reports 0 violations so far.

What does the show interfaces interface-name status say? In addition, what would the show interfaces status err-disabled output be?

Best regards,
Peter

0 Helpful

umer zubairi
Level 1
Level 1
In response to Peter Paluch

‎02-04-2016 06:16 AM

Thanks Mark & Peter for quick response.

Below is the output of int status where you can see port Gi1/0/12 is showing no device connected though an AP is connected to it.

IDF-65#sh int status

 

Port      Name               Status     Vlan           Duplex  Speed Type

Gi1/0/1   IP-Telephone     connected     150           a-full a-1000 10/100/1000Ba

Gi1/0/2   IP-Telephone     connected     150           a-full a-1000 10/100/1000Ba

Gi1/0/3   IP-Telephone     connected     150           a-full a-1000 10/100/1000Ba

Gi1/0/4   IP-Telephone     connected     150           a-full a-1000 10/100/1000Ba

Gi1/0/5   IP-Telephone     connected     150           a-full a-1000 10/100/1000Ba

Gi1/0/6   IP-Telephone     connected     150           a-full a-1000 10/100/1000Ba

Gi1/0/7   IP-Telephone     connected     190           a-full a-1000 10/100/1000Ba

Gi1/0/8   IP-Telephone     connected     190           a-full a-1000 10/100/1000Ba

Gi1/0/9   Wireless AP      connected     190           a-full a-1000 10/100/1000Ba

Gi1/0/10  Wireless AP      connected     190           a-full a-1000 10/100/1000Ba

Gi1/0/11  Wireless AP      connected     190           a-full a-1000 10/100/1000Ba

 

Port      Name               Status     Vlan         Duplex  Speed Type

Gi1/0/12  Wireless AP      notconnect    190            auto   auto 10/100/1000Ba

Gi1/0/13  Wireless AP      connected     190           a-full a-1000 10/100/1000Ba

Gi1/0/14  Wireless AP      connected     190           a-full a-1000 10/100/1000Ba

Gi1/0/15  Wireless AP      connected     190           a-full a-1000 10/100/1000Ba

Gi1/0/16  Wireless AP      connected     190           a-full a-1000 10/100/1000Ba

Gi1/0/17                     disabled     1             auto   auto 10/100/1000Ba

Gi1/0/18                     disabled     1             auto   auto 10/100/1000Ba

Gi1/0/19                     disabled     1             auto   auto 10/100/1000Ba

Gi1/0/20                     disabled     1             auto   auto 10/100/1000Ba

Gi1/0/21                     disabled     1             auto   auto 10 /100/1000Ba

Gi1/0/22                     disabled     1             auto   auto 10/100/1000Ba

Gi1/0/23                     disabled     1             auto   auto 10/100/1000Ba

 

Port      Name               Status       Vlan       Duplex  Speed Type

Gi1/0/24                     disabled     1             auto   auto 10/100/1000Ba

Gi1/1/1   dist (A) uplink   connected    trunk         a-full a-1000 1000BaseLX SF

Gi1/1/2   dist (B) uplink   connected    trunk         a-full a-1000 1000BaseLX SF

Gi1/1/3                     notconnect   1              auto   auto Not Present

Gi1/1/4                     notconnect   1              auto   auto Not Present

Fa0                         notconnect   routed         auto   auto 10/100BaseTX

0 Helpful

Mark Malone
VIP Alumni
VIP Alumni
In response to umer zubairi

‎02-04-2016 07:21 AM

Just some options

have you tried move it to another port say 17 or changed the cable out on the ap or if its patched connect ap directly to the switch port bypass patch as a test ? notconnect can be a layer 1 issue

Was the ap up on that port working before ?

Is the config identical to 13/14 etc ?

0 Helpful

umer zubairi
Level 1
Level 1
In response to Mark Malone

‎02-04-2016 03:19 PM

Yup Mark I connected the same AP to another port using the same patch cord that was previously used on Gi1/0/12 and found it working seamlessly. Don't know what happened to Gi1/0/12, before it was working fine when we did the wireless heat-mapping. Now it's not showing any signs of connectivity. 

0 Helpful

Mark Malone
VIP Alumni
VIP Alumni
In response to umer zubairi

‎02-05-2016 12:38 AM

Yes ports do go but rarely least you have ruled out any cabling/patching issues causing it and the ap works in another port so that's ok too , you could try run a diagnostic test from the switch see if hardware reports anything regarding that port

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_55_se/configuration/guide/3750xscg/swgold.html

diagnostic start switch 1 test

0 Helpful
Customers Also Viewed These Support Documents