Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3444
Views
0
Helpful
17
Replies

putting Fa0/2 in err-disable state

ennajibrahim
Level 1
Level 1

‎03-29-2012 06:35 AM - edited ‎03-07-2019 05:51 AM

Hello,

I have a Catalyst 2950G when I activate the switchport port-security, but I want to empty the black list of mac address because every time I connect a device, the port is automatically désacative, here is the port configuration:

!

interface FastEthernet0 / 2

  switchport access vlan 17

  switchport mode access

  switchport voice vlan 51

  switchport port-security maximum 3

  switchport port-security

  switchport port-security aging time 5

  switchport port-security aging inactivity kind

  no cdp enable

  spanning-tree portfast

end

  I tried the following commands to clear the blacklist mac address of that port, but the problem is still relevant:

# Clear mac-address-table dynamic int fa0 / 2

# clear port-security all int fastethernet 0/2

# clear errdisable interface fa0 / 2 vlan

Thank you in advance for your support

Labels:
0 Helpful
17 Replies 17

joaniesylvain
Level 1
Level 1
In response to jszapipes

‎03-30-2012 03:18 PM

Hi jszapipes,

The terminal monitor error received when he plugged in the device confirms it's port-security putting the port in err-disable

psecure-violation error detected on Fa0/2, putting Fa0/2 in err-disable state

Otherwise the message would've said that it received a BPDU packet on a portfast port and it would disable it not a psecure(port-security) statement.

Jonathan S

0 Helpful

jszapipes
Level 1
Level 1

‎03-30-2012 03:17 PM

The port- security max 5 statement, correct me if I'm wrong, should allow the switchport to recognize and allow only the first 5 macs it sees. But if the port was disabled when the port stated max 3 you must first bring the port out of err-disabled state for any other devices to be recognized.

Sent from Cisco Technical Support iPhone App

0 Helpful

ennajibrahim
Level 1
Level 1

‎04-03-2012 05:16 AM

Hello,

first i have to disable switchport port-security (no switchport port-security) then i put

#switchport port-security mac-address sticky

it working now,the port is enable:

switchport access vlan 17

switchport mode access

switchport voice vlan 51

switchport port-security maximum 3

switchport port-security aging time 5

switchport port-security aging type inactivity

switchport port-security mac-address sticky

switchport port-security mac-address sticky d067.e523.b24f

spanning-tree portfast

end

But i well test if the ports well be disable after connecting to it an other switch who have a lot of adresse mac wiche are connected to it(flood of adresse mac),if it well be disable so it's ok for me :-)

i informe you any way.

thank you

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card