Switchport port-security violation shutdown How can we solve that!? Not that difficult, right!? Here´s the answer: conf tĮrrdisable recovery cause psecure-violation
CLEAR SWITCHPORT PORT SECURITY MAC ADDRESS STICKY MAC
The MAC Address MUST appear in the running-configuration. So, for example, to allow two MAC Addresses (111) at FastEthernet 0/6 (configured as an access-port), and, if any violation to that rule occurs, the port should be placed in ERRDISABLE state, recovering itself after 1hour without any intervation. In order to have it in your running configuration, you have to use the STICKY keyword: switchport port-security mac-address sticky that way, the configured MAC Address will appear at the running-configuration, and of course, you´ll be able to save it! If you do not specify any MAC Addresses after the STICKY keyword, the switch will dynamically learn the attached MAC Address and place it into your running-configuration. If you issue a show switchport port-security you´ll see the configured MAC there, but not in the show run! That will recover the port 30min (1800sec) after the violation event! Cool! :)Īnother thing to keep in mind is: the command switchport port-security mac-address by itself will not get the configured MAC Address into the running-configuration of your switch. Fortunately, there´s another way to do that, you can also set it to "autorecovery" using the feature errdisable recovery(global configuration mode), the commands for this are:įor example, if the Port-Security placed a port in ERRDISABLE state, you can set your switch to recovery it like that: errdisable recovery cause psecure-violation When a port enters in the ERRDISABLE state you can do a shutand no shut to recover it! That can be a boring task, if you have many "smart users" in your network. The port will stop transmitting anything in the ERRDISABLE state, also, the port LED will turn off. Shutdown - When a violation occurs in the shutdown mode, it sets the port to ERRDISABLE state.
0 kommentar(er)
