Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

2950 switch port-security

Status
Not open for further replies.
packetkiller

packetkiller

Technical User
May 28, 2008
7
CN
i have a 2950-12 cisco switch,
and i am trying to use switchport port-security command to secure my little lan.

my switch port fa0/1 connects to a hub,and there are 3 computers connect to the hub, and the hub connects to a router which provides internet access.

i want to assign a static mac address which is the router's mac to my switch port fa0/1, so i can prevent those 3 computers access my lan.

i typed commands in my switch:
sw(config-if)#switchport port-security maximum 1
sw(config-if)#switchport port-security violation shutdown
sw(config-if)#switchport port-security mac-address aaaa.bbbb.cccc

from my understanding, my switch mac-address-table will only have router's mac which i assigned.
however, it turned out there are 3 more mac addresses associated with port fa0/1
why is this happening?

by the way, the router functions as dhcp and dns as well, is there any association with dhcp broadcast request those computers send? results in my switch fa0/1 has more mac addresses
 
Sort by date Sort by votes
First of all did you enable port-security on the interface by first issuing the following:
Code: 
Switch(config-if)# switchport port-security <cr>
if so try running this command:
Code: 
Switch(config)# clear port-security dynamic interface <type><mod>/<num>

ex:
Switch(config)# clear port-security dynamic int g0/3

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
i tried switchport port-security command, i got a rejection:
command rejected:not eligible for secure port.
also, i tried clear port-security dynamic inter fa0/1, and nothing happened, what is supposed to happen? all dynamic mac addresses will be cleared?
by the way, clear port-security dynamic inter fa0/1 does not work under config mode, it works under privileged mode.

thanks for your help
 
Upvote 0 Downvote
what is the operational mode of the port?? If it's dynamic it won't work

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
ok, i know what i did wrong
i have to do switchport mode access first, then i can use all the switchport commands
also, the mac-address-table is cleared

thanks
 
Upvote 0 Downvote
bingo. glad you got it working.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Skip Rango
  • Locked
  • Question
how to backup cisco sg500-52p switch
Replies
1
Views
215
madwok
madwok
Zero6
  • Locked
  • Question
question about cisco cbs 350-12xs 12 port 10g sfp+
Replies
0
Views
127
Zero6
Zero6
khashyar2021
  • Locked
  • Question
Problem with cisco switch after upgrading
Replies
1
Views
125
Geraldine Souza
Geraldine Souza
Gartech
  • Locked
  • Question
LAN Port Test Device
Replies
3
Views
124
ipohead
ipohead
bfordz
  • Locked
  • Question
new help on setting up third party VoIP phones through Catalyst 2960x switch
Replies
0
Views
103
bfordz
bfordz

Part and Inventory Search

Sponsor

Back
Top