Re: SG 200 Port security not working?

fredrik.palsson · ‎01-26-2014

I was planning on using the SG 200-08 as a simple way to filter out all trafic but from two servers to some of my devices. The plan was to use port security and allow only the MAC-addresses of these servers on port 1.

1. I go to Security -> Port security and set Admin Mode: Enable to true. I apply the change

2. Then I set port 1 to locked, max 2 static addresses, max 0 dynamic addresses, Action on violation: Discard.

3. Then I go to MAC Address Tables -> Static addresses and add the two MAC-addresses I want to let thru. Status is set to Secure.

4. Copy Running Config to Startup Config.

This works well, but as soon as the switch is rebooted the Status field of the MAC-addresses entered in step 3 are changed from Secure to Permanent.

This effectively means the switch only does what I want till it is rebooted.

Does anyone know how to work around this problem or bug?

See attached picture for explanation if my text is not good enough.

MrFreeze007 · ‎11-14-2017

Hello!

I have the same problem.

Function PORT SECURITY does not working properly.

Firmware Version: 1.0.8.3

Georg Pauwen · ‎11-15-2017

Hello,

just to be sure, after configuring Port Security, have you actually hit 'Apply' ? Copying the running to the startup configuration shouldn't be necessary...

MrFreeze007 · ‎11-15-2017

Yes, of course I hit 'Apply'.

I add static mac address on port 1.

Lock port 1.

Then I tuned on PORT SECURITY.

Function working properly until I reboot the switch.

After reboot function 'PORT SECURITY' not working properly. I need OFF then ON function.

Georg Pauwen · ‎11-15-2017

Hello,

ok. Is the port (or are the ports) in question configured in Classic locked mode ?

MrFreeze007 · ‎11-15-2017

I have only this configuration 'PORT SECURITY'

Georg Pauwen · ‎11-15-2017

Hello,

I have attached the SG-200 user guide, go to page 262, where the four port security modes are described. The first one, Classic Lock, is required...

https://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbss/sf20x_sg20x/administration_guide/78-21139.pdf

MrFreeze007 · ‎11-15-2017

I am using SG200-08.

I have attached the SG200-08 user guide, go to page 155, where the four port security modes are described.

https://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbss/sg200/administration_guide/78-19562.pdf

This device does not have these settings (Type of Lock).

Georg Pauwen · ‎11-16-2017

Hello,

my bad, I looked at the wrong user guide for your model...:(

Either way, in 99 percent of the cases, these problems are caused by the firmware. Try to downgrade to a lower version such as 1,5, or 1.6, or 1.7. I have attached all three versions. There is no documentation unfortunately, so it is trial and error...

The files are renamed to .jpg because the system doesn't let us upload .stk files. Once you download the files, rename them to .stk files

MrFreeze007 · ‎11-20-2017

Hello!

I downgraded version firmware to 1.0.7.4, then to 1.0.6.2, then to 1.0.5.1

However, the problem remained.