Configuring Port Security

Hey All,

I am doing LAB 6.2.5 on CCNA 3, Step 9-B, well I followed everything to a tee, in Step 7 it tells me to add a static MAC address, then when i get to step nine where i put security on the port, i type this :

ALSwitch(config-if)#int fa0/4
ALSwitch(config-if)#switchport mode access
ALSwitch(config-if)#switchport port-security
Command rejected: FastEthernet0/4 has static addresses.

Well, you see the error there.

Can you guys explain to me why the lab tells me to put a static address in, if the switch wont allow it? or give me more information then what this LAB has given me?

Thanks

Ashley

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

larkspur

Did you build a static mac-address table first?

example:
Switch(config)# mac address-table static xxxx.xxxx.xxxx. vlan x interface
gigabitethernet0/1

hth!

datchcha

larkspur wrote:

Did you build a static mac-address table first?

example:
Switch(config)# mac address-table static xxxx.xxxx.xxxx. vlan x interface
gigabitethernet0/1

hth!

You could also use the: switchport port-security mac-address sticky command, which will learn the MAC address of the device when the first frame is set to the switch.

larkspur

Can you guys explain to me why the lab tells me to put a static address in, if the switch wont allow it? or give me more information then what this LAB has given me?

the lab exercise your on is probably building up to another exercise about port security. The command you tried to excute maybe doen a differrent way or have supporting commands that need to entered first. this really depaends on the version of code your switch is running.

make sense?

mikearama

Me thinks there's more than one static mac on the port in question... suggested by the error:
Command rejected: FastEthernet0/4 has static addresses.

More than one static address would cause the command to fail, since the default for the command "switchport port-security" is a max of 1 mac.

To test if this is so, either try "switchport port-security maximum 2" or more, or do a "sh port-security int f0/4" to see what mac's are configured... I'd put even money on there being two (or more).

Mike

larkspur

man if I could only read, I would have seen that.

nice catch.

Darkash

larkspur wrote:

Did you build a static mac-address table first?

example:
Switch(config)# mac address-table static xxxx.xxxx.xxxx. vlan x interface
gigabitethernet0/1

hth!

That is the command i put in step 7.

Darkash

mikearama wrote:

Me thinks there's more than one static mac on the port in question... suggested by the error:
Command rejected: FastEthernet0/4 has static addresses.

More than one static address would cause the command to fail, since the default for the command "switchport port-security" is a max of 1 mac.

To test if this is so, either try "switchport port-security maximum 2" or more, or do a "sh port-security int f0/4" to see what mac's are configured... I'd put even money on there being two (or more).

Mike

Hey mike, I will try this when i get home, but thanks for your advice and knowledge.

Ash

Darkash

datchcha wrote:

larkspur wrote:

Did you build a static mac-address table first?

example:
Switch(config)# mac address-table static xxxx.xxxx.xxxx. vlan x interface
gigabitethernet0/1

hth!

You could also use the: switchport port-security mac-address sticky command, which will learn the MAC address of the device when the first frame is set to the switch.

I tried this command, but it did not do anything.

dtlokee

Darkash wrote:

datchcha wrote:

larkspur wrote:

Did you build a static mac-address table first?

example:
Switch(config)# mac address-table static xxxx.xxxx.xxxx. vlan x interface
gigabitethernet0/1

hth!

You could also use the: switchport port-security mac-address sticky command, which will learn the MAC address of the device when the first frame is set to the switch.

I tried this command, but it did not do anything.

When a device connected to the interface sends a frame the switch will then convert the command into a "switch port-security mac-address xxxx.xxxx.xxxx" in the running config.

Darkash

Darkash wrote:

mikearama wrote:

Me thinks there's more than one static mac on the port in question... suggested by the error:
Command rejected: FastEthernet0/4 has static addresses.

More than one static address would cause the command to fail, since the default for the command "switchport port-security" is a max of 1 mac.

To test if this is so, either try "switchport port-security maximum 2" or more, or do a "sh port-security int f0/4" to see what mac's are configured... I'd put even money on there being two (or more).

Mike

Hey mike, I will try this when i get home, but thanks for your advice and knowledge.

Ash

I checked the commands, but none of them helped. I don't think you can set a stactic mac on the interface and then set the port-security. :S, I did it with dynamic macs and it worked. don't know whats going on there, what do you guys think?

larkspur

post the config and let us take a look.

Darkash

larkspur wrote:

post the config and let us take a look.

Okay man, ill go back to that lab tomorrow night, and paste it up.

Darkash

Darkash wrote:

larkspur wrote:

post the config and let us take a look.

Okay man, ill go back to that lab tomorrow night, and paste it up.

Here it is

Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname ALSwitch
ALSwitch(config)#line console 0
ALSwitch(config-line)#password cisco
ALSwitch(config-line)#login
ALSwitch(config-line)#line vty 0 15
ALSwitch(config-line)#password cisco
ALSwitch(config-line)#login
ALSwitch(config-line)#exit
ALSwitch(config)#enable password cisco
ALSwitch(config)#enable secret cisco
ALSwitch(config)#int VLAN 1
ALSwitch(config-if)#ip address 192.168.1.2 255.255.255.0
ALSwitch(config-if)#no shutdown
%LINK-5-CHANGED: Interface Vlan1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
ALSwitch(config)#ip default-gateway 192.168.1.1
ALSwitch(config)#mac-address-table static 0060.700e.917c VLAN 1 int fa0/4
ALSwitch(config)#int fa0/4
ALSwitch(config-if)#switchport mode access
ALSwitch(config-if)#switchport port-security
Command rejected: FastEthernet0/4 has static addresses

That is where it errors out....

liven

Is port security on the CCNA exam?

mikearama

liven wrote:

Is port security on the CCNA exam?

Nope... but it is required study for the BCMSN exam.

Darkash... might as well remove the static mac, just to make sure port security works at all.
ALSwitch(config)#no mac-address-table static 0060.700e.917c VLAN 1 int fa0/4

Then try your port-sec commands. Maybe then try adding back in the static mac.

And perhaps post your "sh run"... that would help us see what you've got in there already.

dtlokee

Port security is in the official courseware so it could be on the CCNA exam.

Take out the static mac address then add the static entries back using port security (switchport port-security mac-address)

mikearama

I didn't think it was, dt... but sure enough, the 802 has added port security in the exam description. It wasn't there for the 801.

Looks like new CCNA's better know it, after all.