07-07-2017 03:01 PM
Need help to configure port security, I have tried many things and the switch still does not shut down the port when the ethernet cable is plugged into a different computer. We want to be configured in a way that the port will only learn a max of 1 mac address and shutdown permanently if pluged into a different computer. However, it does not do what the commands are ordering to do. It does not record a violation in the stats and therefore does not shut down.
Please any help will be appreciated.
07-08-2017 12:55 AM
Could you please provide the configuration that you have applied to enable port security?
07-10-2017 10:15 AM
This is probably what you want:
07-10-2017 10:20 AM
Hello and thank you for responding,
This what the current config says on port 1/1/7
interface ethernet 1/1/7
As of now there is no mac address recorded or saved because nothing is plugged in and used the clear command to remove recorded mac addresses.
What I am asked to do is to program this and other 2 ports to learn only one mac address without having to enter one manually, and once the port has learned one mac address; set the violation to shut the port down in a second mac is detected.
However, when I plug into a second device the port does not shutdown and no violation is recorded when accessing the port security mac stat command.
Your assistance is greatly appreciated.
07-10-2017 10:23 AM
the config guide is for NOS based Platforms ( VDX Series )
---->>>This is probably what you want:
07-10-2017 10:57 AM
Thank you for respodning,
I really appreciate your help, but wha they want me to configure is for the port to automatically save the mac address as secure and not having to input manually since I have many other switches to configure for port security.
07-14-2017 08:56 AM
The port security command should have taken you to a sub configuration mode where you can specify the number of MAC addresses you want to allow on the interface. In your case that would be 1. Please refer to the example below
device(config)#interface ethernet 1/7/11
You then can specify an action to be taken when a violation occurs by either dropping packets using command "violation restrict", or disabing the interface with "violation shutdown"
Lastly, you can make the switch save the learned MAC addresses for when the switch gets rebooted
Please refer to the security guide below for further information.
Hope this helps addressing your concern