sd5867

Problem with Port Security

I am having a problem with port security and saving MAC addresses.  Currently we run ICX6450s in a VOIP network.  We want to prevent people from trying to plug in another computer to their port, but we don't want to disable the port, due to the fact that the phone won't work if it does.  We opted to try to implement the restrict policy and it works as long as people do not unplug their phones.  One of our techs found a workaround where if they unplug a phone and the computer, then when they plug a new computer in, the new computer works.  The phones boot onto the data vlan and then reboot onto the voice vlan.  Here is a sample of the current config we are running.

Config setup:

!
port security
autosave 20
!
vlan 212 name DATA by port
router-interface ve 212
!
vlan 213 name VOICE by port
router-interface ve 213
!
interface ethernet 1/1/18
dual-mode  212
spanning-tree 802-1w admin-edge-port
inline power power-by-class 2
trust dscp
port security
  enable
  maximum 3
  violation restrict 0
  secure-mac-address 0010.491f.cb5d 212  (phone data)
  secure-mac-address 0012.3f40.864e 212  (Computer data)
  secure-mac-address 0010.491f.cb5d 213  (phone voice)

Thanks for any help in advance.

oklier1

Re: Problem with Port Security

Have you tried to add the following:

port security
age 0

Setting the port security age timer

By default, learned MAC addresses stay secure indefinitely. You can optionally configure the device to age out secure MAC addresses after a specified amount of time.

To set the port security age timer to 10 minutes on all interfaces, enter the following commands.

Brocade(config)#port security
Brocade(config-port-security)#age 10

To set the port security age timer to 10 minutes on a specific interface, enter the following commands.

Brocade(config)#interface ethernet 7/11
Brocade(config-if-e1000-7/11)#port security
Brocade(config-port-security-e1000-7/11)#age 10

Syntax: age <minutes>

The <minutes> variable specifies a range from 0 through 1440 minutes. The default is 0 (never age out secure MAC addresses).

NOTE

Even though you can set age time to specific ports independent of the device-level setting, the actual age timer will take the greater of the two values. Thus, if you set the age timer to 3 minutes for the port, and 10 minutes for the device, the port MAC aging happens in 10 minutes (the device-level setting), which is greater than the port setting that you have configured.
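
The "greater of the two values" rule from the NOTE above, applied to a saved configuration to show which ports will age out their secure MAC addresses. This is an added example, not part of the original posts or of Brocade's documentation; the sample config, the function name `effective_age`, and the literal max() reading of the rule (including when one value is 0) are assumptions.

```python
import re

# Constructed sample modelled on the config in this thread. The device-level
# "age 10", the port-level "age 3" and interface 1/1/19 are made up.
SAMPLE_CONFIG = """\
port security
 age 10
 autosave 20
!
interface ethernet 1/1/18
 dual-mode  212
 port security
  enable
  maximum 3
  violation restrict 0
  age 3
!
interface ethernet 1/1/19
 port security
  enable
!
"""

def effective_age(config):
    """Map each port-security interface to its effective age timer (minutes).
    Assumption: the NOTE is read literally as max(port, device); 0 = never age."""
    device_age, port_age = 0, {}
    iface, in_psec = None, False      # parser state: current interface / block
    for line in (raw.strip() for raw in config.splitlines()):
        if line == "!":                # "!" closes the current config block
            iface, in_psec = None, False
        elif m := re.fullmatch(r"interface ethernet (\S+)", line):
            iface, in_psec = m.group(1), False
        elif line == "port security":
            in_psec = True
            if iface:                  # port has port security, age not yet seen
                port_age.setdefault(iface, 0)
        elif in_psec and (m := re.fullmatch(r"age (\d+)", line)):
            if iface:
                port_age[iface] = int(m.group(1))
            else:                      # "age" under the global port security block
                device_age = int(m.group(1))
    return {i: max(a, device_age) for i, a in port_age.items()}

if __name__ == "__main__":
    for port, minutes in effective_age(SAMPLE_CONFIG).items():
        print(port, "never ages out" if minutes == 0 else f"ages out after {minutes} min")
```
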
