switch port security

prashantdwivedi
Level 1

1. Is the err-disable state the default violation mode for switches?

2. What is the purpose of the protected mode of violation? After a violation occurs, the port is still in the on condition and the port status is green.

If this happens, how will the administrator identify that a violation has occurred?

1 Reply

Douglas Holmes
Level 1

The response to question one is yes. Error disable is on by default. However, you have the option of using:

errdisable recovery cause XXX

errdisable recovery interval XXX

Let's say you set the port to disable after already seeing two MAC addresses. You can set the port to check again in, say, 5 minutes; if the condition has been corrected (third MAC address removed from the switch), the port will reset itself from its condition. In this example the commands would be:

errdisable recovery cause psecure

errdisable recovery interval 300

Number Two

Per Cisco: "Protect—when the number of secure MAC addresses reaches the maximum limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses to drop below the maximum value or increase the number of maximum allowable addresses. You are not notified that a security violation has occurred."

Number Three


If you run SNMP, you will be able to get an alert for the affected port.

snmp-server enable traps errdisable

snmp-server enable traps port-security
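
Added example, not part of the reply above and not Cisco's own configuration: the commands from this thread combined into one access-port configuration, with the three violation modes compared in comments so the visibility gap of protect mode is explicit. The interface name and the limit of two addresses are assumptions chosen for illustration, and the full keyword `psecure-violation` is used for the recovery cause.

```ios
! Constructed example: GigabitEthernet0/1 and "maximum 2" are assumed values.
interface GigabitEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 ! Violation modes:
 !   shutdown (default) - port goes err-disabled, link drops, trap/log sent
 !   restrict           - offending frames dropped, port stays up,
 !                        violation counter increments, log/trap generated
 !   protect            - offending frames dropped, port stays up,
 !                        no counter, no log, no trap (silent)
 ! restrict keeps the port in service but still leaves evidence:
 switchport port-security violation restrict
!
! Auto-recover ports that port security has err-disabled (shutdown mode only)
errdisable recovery cause psecure-violation
errdisable recovery interval 300
!
! Traps named in the reply; a trap receiver (snmp-server host ...) must
! also be configured or the traps go nowhere
snmp-server enable traps port-security
snmp-server enable traps errdisable
!
! Checks from privileged EXEC:
!   show port-security interface GigabitEthernet0/1   (mode, violation count)
!   show interfaces status err-disabled               (ports currently down)
!   show errdisable recovery                          (causes and timer)
```

With protect mode the violation count in `show port-security interface` does not increase, so a port left in that mode gives the administrator nothing to alert on.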