Ethernet Fabric (VDX, CNA)

New Contributor
Posts: 4
Registered: ‎01-06-2015

Interface Port-security static MAC Address not working VDX 6740

I have a problem I found at work: a customer wants to set static MAC addresses with a maximum of 1 MAC address on a given switched port. When I tested in my lab on 2 VDX 6740 with different firmware versions (5.0.1, 5.0.1a and 4.1.3), it didn't record any violations when other PCs with different MAC addresses were connected.

The configuration was the following:

Interface Te 1/0/1
switchport
switchport port-security max 1
switchport port-security violation shutdown
switchport port-security mac-address xxxx.xxxx.xxxx vlan 1
switchport access vlan 1
switchport mode access

I tried many ports with different hosts, to no avail.

show port-security interface te 1/0/1 showed no violation counts and the port didn't shut down.

The interesting part: when I tried sticky, it worked as expected.

Any help would be appreciated

Thanks in advance

Brocadian
Posts: 2
Registered: ‎02-21-2012

Re: Interface Port-security static MAC Address not working VDX 6740

Hi Wall-Ed,

Try the following config:

Interface Te rb-id/slot/port-id
switchport
switchport port-security max 1
switchport port-security violation shutdown
switchport port-security sticky mac-address xxxx.xxxx.xxxx vlan Y
switchport access vlan Y
switchport mode access

Don't connect any device before editing the port configuration.

The mac-address used in port-security command will be added in the mac-address table (type=static).

 

As defined in the port-security command, if you connect a device with a different mac-address the port goes into shutdown.

I have tested this config with 2 6740s in logical chassis (release 4.1.0a).

 

I hope it's useful

Ciao

New Contributor
Posts: 4
Registered: ‎01-06-2015

Re: Interface Port-security static MAC Address not working VDX 6740

Hello

I tried as you suggested, and here was my configuration. I also didn't attach any device before executing these commands:

int te 1/0/45

no fabric isl enable
no fabric trunk enable
switchport
switchport port-security
switchport port-security max 1
switchport port-security sticky mac-address 28d2.442d.8e4f vlan 1
switchport port-security shutdown-time 1
switchport mode access
switchport access vlan 1
spanning-tree shutdown
shutdown

 

Then I attached a device with a MAC address different from the one in the configuration in order to trigger the port violation, but nothing happened.

 

sw0# show port-security interface tengigabitethernet 1/0/45
Port Security : Enabled
Port Status : Up
Violation Mode : Shutdown
Violated : No
Sticky Enabled : Yes
Maximum MAC addresses : 1
Total MAC addresses : 1
Configured MAC addresses : 0
Last violation time :
Shutdown time (in Minutes) : 1
Number of OUIs configured : 0

 

And after I checked the interface configuration again, this was the output:

 

interface TenGigabitEthernet 1/0/45
no fabric isl enable
no fabric trunk enable
switchport
switchport port-security
switchport port-security max 1
switchport port-security sticky mac-address 28d2.442d.8e4f vlan 1
switchport port-security sticky mac-address d8d3.850d.a2db vlan 1
switchport port-security shutdown-time 1
switchport mode access
switchport access vlan 1
spanning-tree shutdown
no shutdown

 

 

And then, when I attached the allowed original MAC address, the result was that the port was shut down; port-security considered the intended allowed MAC address to be a violation.

I would like any help related to this issue and I thank you for your effort. It is also unusual that simple static port security doesn't work!

 

Thanks in advance, BR.
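
The mismatch reported in the post above (max 1, yet two sticky entries in the running config and no violation recorded) can be checked mechanically. The following Python check is an added example, not part of the original thread and not Brocade code; the function names are illustrative, and the sample text is a subset of the stanza and show output quoted in the post, which were captured at slightly different moments.

```python
import re

# Sample input: subset of the stanza and show output quoted in the post above.
CONFIG = """interface TenGigabitEthernet 1/0/45
switchport port-security
switchport port-security max 1
switchport port-security sticky mac-address 28d2.442d.8e4f vlan 1
switchport port-security sticky mac-address d8d3.850d.a2db vlan 1
switchport port-security shutdown-time 1
"""
SHOW = """Port Status : Up
Violation Mode : Shutdown
Violated : No
Last violation time :
"""

MAX_RE = re.compile(r"switchport port-security max (\d+)$")
MAC_RE = re.compile(r"switchport port-security (sticky )?mac-address "
                    r"([0-9a-f]{4}(?:\.[0-9a-f]{4}){2}) vlan (\d+)$", re.I)

def parse_config(text):
    """Return (max_macs, [(mac, vlan, is_sticky), ...]) for one interface stanza."""
    max_macs, macs = None, []
    for line in map(str.strip, text.splitlines()):
        if m := MAX_RE.match(line):
            max_macs = int(m.group(1))
        elif m := MAC_RE.match(line):
            macs.append((m.group(2).lower(), int(m.group(3)), bool(m.group(1))))
    return max_macs, macs

def parse_show(text):
    """Turn 'Key : Value' lines of the show output into a dict (values may be empty)."""
    pairs = (line.partition(":") for line in text.splitlines())
    return {k.strip(): v.strip() for k, _, v in pairs if k.strip()}

def audit(config, show):
    """List inconsistencies between the configured limit and the observed state."""
    max_macs, macs = parse_config(config)
    status = parse_show(show)
    findings = []
    if max_macs is not None and len(macs) > max_macs:
        findings.append(f"{len(macs)} secure MACs in config, max is {max_macs}")
        if status.get("Violated") == "No" and status.get("Port Status") == "Up":
            findings.append("limit exceeded but port is Up with no violation recorded")
    return findings

if __name__ == "__main__":
    for finding in audit(CONFIG, SHOW):
        print("FINDING:", finding)
```

Run against saved `show running-config interface` and `show port-security interface` output, it flags ports where the stored secure-MAC list has grown past the configured limit.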

 

Brocadian
Posts: 2
Registered: ‎02-21-2012

Re: Interface Port-security static MAC Address not working VDX 6740

Hi,

Try without the command:
switchport port-security shutdown-time 1 (default value 0)

Also delete the new MAC address that was added.

 

I can confirm it works with my previous configuration.

 

Ciao

New Contributor
Posts: 4
Registered: ‎01-06-2015

Re: Interface Port-security static MAC Address not working VDX 6740

Hi 

I did as you suggested and it still didn't work. We opened a case with TAC and they told us we have to use "oui" mac-address security, and it still didn't work; awaiting reply from TAC.
