cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Bookmark
|
Subscribe
|
22439
Views
15
Helpful
1
Replies

switchport port-security maximum

Rafael Jimenez
Level 4
Level 4

I have a 4510R switch, ((cat4500e-UNIVERSALK9-M), Version 03.05.02.E RELEASE SOFTWARE (fc1)).

I´m configuring the port-security maximum using the following commands:

switchport port-security maximum 1 vlan access
switchport port-security maximum 1 vlan voice

 

I dont know why some times this work, some times do not work.

to solve the issue I had to use the three commands:

switchport port-security maximum 2

switchport port-security maximum 1 vlan access
switchport port-security maximum 1 vlan voice

the documentation do not say nothing about if I have to use the three commands together.

1 Accepted Solution

Accepted Solutions

amikat
Spotlight

Hi,

This is an excerpt from the Configuration Guide for your box and IOS-XE release:

Each VLAN can be configured with a maximum count that is greater than the value configured on the port. Also, the sum of the maximum configured values for all the VLANs can exceed the maximum configured for the port. In either of these situations, the number of MAC addresses secured on each VLAN is limited to the lesser of the VLAN configuration maximum and the port configuration maximum. Also, the number of addresses secured on the port across all VLANs cannot exceed a maximum that is configured on the port.

The default "switchport port-security maximum" value for the port is "1". So unless you change this value to "2" your port can sense max. 1 MAC address in either vlan "access" or "voice" ONLY without triggering violation. This means that the total maximum number of MAC addresses allowed  per all configured vlans per port equals ONE at the default only.

I hope my English makes sense.

Best regards,

Antonin

 

View solution in original post

1 Reply 1

amikat
Spotlight

Hi,

This is an excerpt from the Configuration Guide for your box and IOS-XE release:

Each VLAN can be configured with a maximum count that is greater than the value configured on the port. Also, the sum of the maximum configured values for all the VLANs can exceed the maximum configured for the port. In either of these situations, the number of MAC addresses secured on each VLAN is limited to the lesser of the VLAN configuration maximum and the port configuration maximum. Also, the number of addresses secured on the port across all VLANs cannot exceed a maximum that is configured on the port.

The default "switchport port-security maximum" value for the port is "1". So unless you change this value to "2" your port can sense max. 1 MAC address in either vlan "access" or "voice" ONLY without triggering violation. This means that the total maximum number of MAC addresses allowed  per all configured vlans per port equals ONE at the default only.

I hope my English makes sense.

Best regards,

Antonin