New Contributor
Posts: 4
Registered: ‎01-06-2015

Interface Port-security static MAC Address not working VDX 6740

I have a problem I found at work. A customer wants to set static MAC addresses with a maximum of 1 MAC address on a given switched port. When I tested in my lab on 2 VDX 6740 with different firmware versions (5.0.1, 5.0.1a and 4.1.3), it didn't record any violations when other PCs with different MAC addresses were connected.

The configuration was the following:

Interface Te 1/0/1
switchport
switchport port-security max 1
switchport port-security violation shutdown
switchport port-security mac-address xxxx.xxxx.xxxx vlan 1
switchport access vlan 1
switchport mode access

 

I tried many ports with different hosts, to no avail.

show port-security interface te 1/0/1 showed no violation counts and the port didn't shut down.

The interesting part: when I tried sticky, it worked as expected.

Any help would be appreciated.

Thanks in advance

Brocadian
Posts: 3
Registered: ‎02-21-2012

Re: Interface Port-security static MAC Address not working VDX 6740

Hi Wall-Ed,

Try the following config:

Interface Te rb-id/slot/port-id
switchport
switchport port-security max 1
switchport port-security violation shutdown
switchport port-security sticky mac-address xxxx.xxxx.xxxx vlan Y
switchport access vlan Y
switchport mode access

 

 

Don't connect any device before editing the port configuration.

The mac-address used in the port-security command will be added to the mac-address table (type=static).

As defined in the port-security command, if you connect a device with a different mac-address, the port goes into shutdown.

I have tested this config with two 6740s in a logical chassis (release 4.1.0a).

 

I hope it's useful.

Ciao

New Contributor
Posts: 4
Registered: ‎01-06-2015

Re: Interface Port-security static MAC Address not working VDX 6740

Hello

I tried as you suggested, and here was my configuration. I also didn't attach any device before executing these commands:

int te 1/0/45

no fabric isl enable
no fabric trunk enable
switchport
switchport port-security
switchport port-security max 1
switchport port-security sticky mac-address 28d2.442d.8e4f vlan 1
switchport port-security shutdown-time 1
switchport mode access
switchport access vlan 1
spanning-tree shutdown
shutdown

 

Then I attached a device with a MAC address different from the one in the configuration in order to trigger the port violation, but nothing happened.

 

sw0# show port-security interface tengigabitethernet 1/0/45
Port Security : Enabled
Port Status : Up
Violation Mode : Shutdown
Violated : No
Sticky Enabled : Yes
Maximum MAC addresses : 1
Total MAC addresses : 1
Configured MAC addresses : 0
Last violation time :
Shutdown time (in Minutes) : 1
Number of OUIs configured : 0

 

And after I checked the interface configuration again, this was the output:

 

interface TenGigabitEthernet 1/0/45
no fabric isl enable
no fabric trunk enable
switchport
switchport port-security
switchport port-security max 1
switchport port-security sticky mac-address 28d2.442d.8e4f vlan 1
switchport port-security sticky mac-address d8d3.850d.a2db vlan 1
switchport port-security shutdown-time 1
switchport mode access
switchport access vlan 1
spanning-tree shutdown
no shutdown

 

 

And then, when I attached the original allowed MAC address, the result was that the port was shut down; port-security considered the intended allowed MAC address to be a violation.

I would like any help related to this issue and I thank you for your effort. It is also unusual that simple static port security doesn't work!

 

Thanks in advance, BR.
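
An added example, not part of the original posts: a Python check over excerpts of the interface block and `show port-security` output posted above, flagging secured MAC entries that exceed the configured maximum or fall outside an intended allowlist. The allowlist and the function names are assumptions made for illustration.

```python
import re

# Excerpts of the running-config and show output posted above.
CONFIG = """\
interface TenGigabitEthernet 1/0/45
 switchport port-security
 switchport port-security max 1
 switchport port-security sticky mac-address 28d2.442d.8e4f vlan 1
 switchport port-security sticky mac-address d8d3.850d.a2db vlan 1
"""
SHOW = """\
Violation Mode : Shutdown
Violated : No
Maximum MAC addresses : 1
Last violation time :
"""
ALLOWED = {"28d2.442d.8e4f"}  # assumption: the one MAC the poster intended to allow

MAX_RE = re.compile(r"switchport port-security max (\d+)$")
MAC_RE = re.compile(r"switchport port-security (sticky )?mac-address (\S+) vlan (\d+)$")

def parse_interface(block):
    """Return (max_macs, [(mac, vlan, is_sticky), ...]) for one interface block."""
    max_macs, entries = None, []
    for line in map(str.strip, block.splitlines()):
        if m := MAX_RE.match(line):
            max_macs = int(m.group(1))
        elif m := MAC_RE.match(line):
            entries.append((m.group(2).lower(), int(m.group(3)), bool(m.group(1))))
    return max_macs, entries

def parse_show(text):
    """Turn 'Key : Value' lines into a dict; empty values stay empty strings."""
    pairs = (line.partition(":") for line in text.splitlines() if ":" in line)
    return {key.strip(): value.strip() for key, _, value in pairs}

def audit(config, show, allowed):
    """List mismatches between the secured-MAC entries, the limit and the allowlist."""
    max_macs, entries = parse_interface(config)
    findings = []
    if max_macs is not None and len(entries) > max_macs:
        findings.append(f"{len(entries)} secured MACs stored, max is {max_macs}")
    for mac, vlan, sticky in entries:
        if mac not in allowed:
            kind = "sticky" if sticky else "static"
            findings.append(f"unexpected {kind} MAC {mac} on vlan {vlan}")
    if findings and parse_show(show).get("Violated") == "No":
        findings.append("switch reports no violation despite the above")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(CONFIG, SHOW, ALLOWED)))
```

Run against saved configuration and show output after each test, it makes the mismatch seen here (two stored sticky entries with a limit of 1 and no recorded violation) visible without reading the output by eye.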

 

Brocadian
Posts: 3
Registered: ‎02-21-2012

Re: Interface Port-security static MAC Address not working VDX 6740

Hi,

Try without the command:
switchport port-security shutdown-time 1 (default value 0)

Also delete the new MAC address that was added.

 

I can confirm it works with my previous configuration.

 

Ciao

New Contributor
Posts: 4
Registered: ‎01-06-2015

Re: Interface Port-security static MAC Address not working VDX 6740

Hi

I did as you suggested and it still didn't work. We opened a case with TAC and they told us we have to use "oui" mac-address security, and it still didn't work. Awaiting reply from TAC.
