03-29-2012 06:35 AM - edited 03-07-2019 05:51 AM
Hello,
I have a Catalyst 2950G when I activate the switchport port-security, but I want to empty the black list of mac address because every time I connect a device, the port is automatically désacative, here is the port configuration:
!
interface FastEthernet0 / 2
switchport access vlan 17
switchport mode access
switchport voice vlan 51
switchport port-security maximum 3
switchport port-security
switchport port-security aging time 5
switchport port-security aging inactivity kind
no cdp enable
spanning-tree portfast
end
I tried the following commands to clear the blacklist mac address of that port, but the problem is still relevant:
# Clear mac-address-table dynamic int fa0 / 2
# clear port-security all int fastethernet 0/2
# clear errdisable interface fa0 / 2 vlan
Thank you in advance for your support
03-30-2012 03:18 PM
Hi jszapipes,
The terminal monitor error received when he plugged in the device confirms it's port-security putting the port in err-disable
psecure-violation error detected on Fa0/2, putting Fa0/2 in err-disable state
Otherwise the message would've said that it received a BPDU packet on a portfast port and it would disable it not a psecure(port-security) statement.
Jonathan S
03-30-2012 03:17 PM
The port- security max 5 statement, correct me if I'm wrong, should allow the switchport to recognize and allow only the first 5 macs it sees. But if the port was disabled when the port stated max 3 you must first bring the port out of err-disabled state for any other devices to be recognized.
Sent from Cisco Technical Support iPhone App
04-03-2012 05:16 AM
Hello,
first i have to disable switchport port-security (no switchport port-security) then i put
#switchport port-security mac-address sticky
it working now,the port is enable:
switchport access vlan 17
switchport mode access
switchport voice vlan 51
switchport port-security maximum 3
switchport port-security aging time 5
switchport port-security aging type inactivity
switchport port-security mac-address sticky
switchport port-security mac-address sticky d067.e523.b24f
spanning-tree portfast
end
But i well test if the ports well be disable after connecting to it an other switch who have a lot of adresse mac wiche are connected to it(flood of adresse mac),if it well be disable so it's ok for me :-)
i informe you any way.
thank you
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide