Unsolved

October 17th, 2014 05:00

N2000 (6.1.1.7) port security

Dear Expert, 

We are using an N2048 with firmware 6.1.1.7 and would like to apply port security to limit the MAC address to one. We connect one PC to this port only. However, the PC cannot connect to the network.

Then, we increased the port security max to 2 and below is the output. The PC can connect to the network now. The number of dynamic addresses is 2 (highlighted in red) in the output below, but only one MAC address is shown. If we unplug the PC from the port and the port goes down, the MAC address is not in the show port security output anymore and the dynamic entry is reduced to 1.

Please advise. 

===============================================================

DV115SW03#show running-config interface gigabitethernet 2/0/20

storm-control broadcast
storm-control multicast
storm-control unicast
ip dhcp snooping limit rate 100
ip verify source
ip arp inspection limit rate 100 burst interval 1
spanning-tree portfast
switchport access vlan 521
port security discard
port security max 2

DV115SW03#

DV115SW03#show inter sta | in 2/0/20

Gi2/0/20                            521   Full   1000    Auto Up     Active

DV115SW03#show mac address-table interface gigabitethernet 2/0/20

Aging time is 300 Sec

Vlan     Mac Address           Type        Port
-------- --------------------- ----------- ---------------------
521      8851.FB5B.C654        Dynamic     Gi2/0/20


DV115SW03#show ports security addresses gigabitethernet 2/0/20

Dynamic addresses: 2

Maximum addresses: 2


Learned addresses
------- ---------
8851.FB5B.C654


DV115SW03#show ip dhcp snooping binding | include 2/0/20

  8851.FB5B.C654       10.19.1.40   521     Gi2/0/20  DYNAMIC       168921

DV115SW03#

October 22nd, 2014 02:00

Dear Daniel,

The user turned on sleep mode on her computer before lunch. The computer was not able to connect to the network afterwards and an "!" is shown in the bottom right of the desktop. Then, we cleared the MAC address table, but we are not able to clear the dynamic address counter in port security. The connectivity was resumed by increasing the port security max to a higher value. Below are the logs:

========================================================

DV115SW03#show ports security addresses gi2/0/20

Dynamic addresses: 2
Maximum addresses: 2

Learned addresses
------- ---------

DV115SW03#show interfaces status | include Gi2/0/20

Gi2/0/20                            521   Full   1000    Auto Up     Active

DV115SW03#clear mac address-table dynamic interface Gi2/0/20

DV115SW03#show ports security addresses gi2/0/20

Dynamic addresses: 2
Maximum addresses: 2

Learned addresses
------- ---------

DV115SW03#show running-config interface gi2/0/20

storm-control broadcast
storm-control multicast
storm-control unicast
ip dhcp snooping limit rate 100
ip verify source
ip arp inspection limit rate 100 burst interval 1
spanning-tree portfast
switchport access vlan 521
port security discard
port security max 2

DV115SW03#show ip dhcp snooping binding | include Gi2/0/20

  8851.FB5B.C654       10.19.1.40   521     Gi2/0/20  DYNAMIC       172594

DV115SW03#show mac address-table interface gi2/0/20

Aging time is 300 Sec

Vlan     Mac Address           Type        Port
-------- --------------------- ----------- ---------------------
Forwarding Database Empty.

DV115SW03#show ports security addresses gi2/0/20

Dynamic addresses: 2
Maximum addresses: 2

Learned addresses
------- ---------

DV115SW03(config)#interface gi2/0/20
DV115SW03(config-if-Gi2/0/20)#port security max 10
DV115SW03(config-if-Gi2/0/20)#exit
DV115SW03(config)#exit

DV115SW03#show ports security gi2/0/20

Port       Status    Action             Maximum  Trap     Frequency
-----      --------  -----------------  -------  -------  ---------
Gi2/0/20   Locked    Discard            10       Disable  30

DV115SW03#show ports security addresses  gi2/0/20

Dynamic addresses: 3
Maximum addresses: 10

Learned addresses
------- ---------
8851.FB5B.C654

DV115SW03#

DV115SW03#show mac address-table interface  gi2/0/20

Aging time is 300 Sec

Vlan     Mac Address           Type        Port
-------- --------------------- ----------- ---------------------
521      8851.FB5B.C654        Dynamic     Gi2/0/20

DV115SW03#show ip dhcp snooping binding | include Gi2/0/20

  8851.FB5B.C654       10.19.1.40   521     Gi2/0/20  DYNAMIC       172613

DV115SW03#

==============================================================

Please advise.

Thanks,

Samantha
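
An added example, not part of the original posts and not vendor code: a Python check that parses captured "show ports security addresses" output in the format quoted above and reports how many counted dynamic entries have no matching learned address, so affected ports can be found before users lose connectivity. The function names are hypothetical; two samples are copied from the output in this thread and one is constructed.

```python
import re

MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4}$")
COUNT_RE = re.compile(r"^(Dynamic|Maximum) addresses:\s*(\d+)$")

# Captures copied from the switch output quoted in this thread.
AFTER_SLEEP = """Dynamic addresses: 2
Maximum addresses: 2
Learned addresses
------- ---------
"""
AFTER_RAISE = """Dynamic addresses: 3
Maximum addresses: 10
Learned addresses
------- ---------
8851.FB5B.C654
"""
# Constructed sample: a port whose counter matches its learned list.
CONSISTENT = """Dynamic addresses: 1
Maximum addresses: 1
Learned addresses
------- ---------
0011.2233.4455
"""

def parse_port_security(output):
    """Return (dynamic_count, maximum, learned_macs) for one port capture."""
    counts, learned = {}, []
    for raw in output.splitlines():
        line = raw.strip()
        m = COUNT_RE.match(line)
        if m:
            counts[m.group(1).lower()] = int(m.group(2))
        elif MAC_RE.match(line):  # header and separator lines do not match
            learned.append(line.upper())
    if set(counts) != {"dynamic", "maximum"}:
        raise ValueError("counter lines missing from output")
    return counts["dynamic"], counts["maximum"], learned

def audit(output):
    """Return (stale_entries, limit_held_by_stale) for one port capture."""
    dynamic, maximum, learned = parse_port_security(output)
    stale = max(dynamic - len(learned), 0)
    # True when no free slot remains and some slots have no learned MAC.
    return stale, (stale > 0 and dynamic >= maximum)

if __name__ == "__main__":
    for name, cap in (("after sleep", AFTER_SLEEP), ("after raise", AFTER_RAISE)):
        print(name, audit(cap))
```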

October 23rd, 2014 03:00

There was no error message when we cleared the MAC address table.

This switch stack has 3 switches. They are all new and we upgraded them to 6.1.1.7.

Today, another port, gi1/0/11, has a similar issue. The port security dynamic counter reached the max and the PC is not able to connect. We observed that when the PC sleeps, the interface on the N2048 is still up.

Thanks for your help.

Regards,

Samantha

October 24th, 2014 01:00

Dear Daniel,

Do you have any findings?

Thanks a lot,

Samantha

January 12th, 2015 03:00

I have the same issue on an N2048 switch. Do you have any solution?

January 22nd, 2015 03:00

Hi, I have the same problem on an N3048P. It's urgent to find a solution. Port-security is a basic level 2 feature.

How can we reset the "show ports security addresses" counters?
