09-27-2011 05:56 AM - edited 03-07-2019 02:27 AM
Hi,
The following commands will be configured to allow only one single MAC (dynamic) to be used on switch port fa0/1.
switchport port-security
switchport port-security violation shutdown
So, in this case, if user A connects his laptop to fa0/1, he will be allowed to access the port. Now if user B connects a different laptop to fa0/1, the port should shut down by itself and go into an err-disable state, if my understanding is correct.
My query is: if user B needs to be allowed to access fa0/1, what should be done? Should the port be shut and no shut, or do I remove the security configurations and then do a shut / no shut?
thanks.
09-27-2011 07:01 AM
hi,
Normally you have to configure the following:
switchport port-security
switchport port-security mac-address sticky
(switchport port-security violation shutdown - that is the default)
The switchport learns the MAC and inserts a line in the config, e.g.:
switchport port-security mac-address sticky 0009.0009.0009
When user B connects his notebook to the port, it goes into the err-disabled state. (show int status err)
To connect user B you have to do 3 steps:
no switchport port-security mac-address sticky 0009.0009.0009
shut
no shut
If you want to allow more than one MAC:
switchport port-security maximum [X]
Hope I could help you.
so long
09-27-2011 06:57 AM
Hi,
If you want 2 MAC addresses on a port with port-security enabled then you'll have to change the default of max 1 to 2 with the command switchport port-security maximum 2.
Then you can shut/no shut and user B should be accepted.
One remark: the default violation mode is shutdown, so no need to configure it.
Regards.
Alain.
09-27-2011 07:35 AM
Well, when you run Port-Security the default is just to allow one MAC address and the default violation is shutdown. I agree with the second post, that said to just allow a maximum of 2: 'switchport port-security maximum 2'. Although, I don't think you have to shut and no shut the device unless a third host attempts to connect, which would then trigger the default violation of shutdown (correct me if I'm wrong). Also, if you don't run the command 'switchport port-security mac-address sticky' the specific MAC addresses will not be saved if you have to restart the switch for anything.
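An added example, not part of any post in this thread: a small Python audit that reads an IOS running-config and reports, per interface, the port-security settings discussed above (enabled, maximum, violation mode, sticky MACs) and whether the secure-MAC table is already full, so that the next new laptop would trigger a violation. The function name `audit_port_security` and the sample config are constructed for illustration; the defaults of maximum 1 and violation shutdown are the ones stated in the replies.

```python
import re

# Constructed running-config excerpt (not taken from a real device).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0009.0009.0009
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0009.0009.000a
!
interface FastEthernet0/3
 switchport mode access
!
"""
MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
PS = "switchport port-security"

def audit_port_security(config):
    """Return {interface: posture} for every interface stanza in the config."""
    ports, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface (\S+)", raw)
        if m:
            # Running-config omits defaults: maximum 1, violation shutdown.
            cur = ports[m.group(1)] = {"enabled": False, "maximum": 1,
                "violation": "shutdown", "sticky": False, "macs": []}
        elif cur is None or not raw.startswith(" "):
            cur = None  # "!" or a global command ends the stanza
        elif line == PS:
            cur["enabled"] = True
        elif m := re.fullmatch(PS + r" maximum (\d+)", line):
            cur["maximum"] = int(m.group(1))
        elif m := re.fullmatch(PS + r" violation (\w+)", line):
            cur["violation"] = m.group(1)
        elif line == PS + " mac-address sticky":
            cur["sticky"] = True
        elif m := re.fullmatch(PS + rf" mac-address (?:sticky )?({MAC})", line, re.I):
            cur["macs"].append(m.group(1).lower())
    for p in ports.values():
        # Full table: the next unknown MAC on this port is a violation.
        p["full"] = p["enabled"] and len(p["macs"]) >= p["maximum"]
    return ports
```

Ports reported with `full` set and `violation` equal to `shutdown` are the ones that will go err-disabled when a different device is plugged in; ports with `enabled` false have no port-security at all.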