How to turn on disabled switch port because of port security

On my home lab, a switch port shut down because I tried to plug another PC into a port with implemented port security on it with these command:

S2#show run | inc port-se
switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security mac-address sticky 000a.cd21.2483
S2#

Once I took out the new PC, and reconnected the old PC to this port, the command "no shut" doesn't make the interface go up. So what should I do to make the switch port work again?

Find more posts tagged with

Comments

SecurityThroughObscurity

Errdisable Port State Recovery on the Cisco IOS Platforms - Cisco Systems

atorven

shut
no shut

workfrom925

SecurityThroughObscurity wrote: »

Errdisable Port State Recovery on the Cisco IOS Platforms - Cisco Systems

I look it up on this linked page. It doesn't provide a solution for my case.

At this link Catalyst 2950 Desktop Switch Software Configuration Guide, 12.1(6)EA2c - Configuring the Switch Ports* [Cisco Catalyst 2950 Series Switches] - Cisco Systems , it says I can disable port-security with the command "no switchport port-security". I entered the command, but it doesn't do anything.

S2(config)#int f0/11
S2(config-if)#no swit
S2(config-if)#no switchport por
S2(config-if)#no switchport port-security
S2(config-if)#no shut
S2(config-if)#do show port-security address
Secure Mac Address Table

Vlan Mac Address Type Ports Remaining Age
(mins)
----

----

10 000a.cd21.2483 SecureSticky Fa0/11 -

Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 1024

S2#

workfrom925

atorven wrote: »

shut
no shut

Haha I should read your suggestion more carefully. I thought I tried this, but I forgot to 'shut' first before 'no shut'. Now it's working.

It would be a hassle whenever something like this happens. Is there a way to better handle a port-security problem like this?

workfrom925

Here is a new problem. I had "switchport port-security maximum 2" on fa0/11 earlier. Now I want to allow only one host to connect. So I try "switchport port-security maximum 1“, but it doesn't take that. What's the right procedure to correct this?

===

S2(config-if)#switchport port-security maximum 1
Maximum is less than number of currently secured mac-addresses.

S2(config-if)

FloOz

Yah migrate to dot1x

DCD

workfrom925 wrote: »

I look it up on this linked page. It doesn't provide a solution for my case.

The answer was their. It was the last section of the article. You need a new book the one you have doesn't seem to be working.

atorven

Check out the errdisable recovery interval command, this allows you to set how long it takes for an errdisabled port to be enabled.

As for your second question RE: changing the maximums - try no switchport port-security maximum 2 first.

MickQ

It should also be noted that the default (in most cases) maximum number is 1.
If you don't see it in the running config, it's because it's a default.

shortcut144

Just wanted OP to know. I did the same thing when learning port security. It took me a day to find out the issue. I ended up asking the CCNP at work. :S

iamme4eva

workfrom925 wrote: »

Here is a new problem. I had "switchport port-security maximum 2" on fa0/11 earlier. Now I want to allow only one host to connect. So I try "switchport port-security maximum 1“, but it doesn't take that. What's the right procedure to correct this?

===

S2(config-if)#switchport port-security maximum 1
Maximum is less than number of currently secured mac-addresses.

S2(config-if)

I would suspect this is because you have two configured mac addresses in your running config. You need to remove them with a "no" command. Do sh run and have a look.

When you use the sticky feature, any mac addresses that are connected are added to the running config. As you had the max at 2, and error'd it out, then you must have two in your config. Trying to lower the max to 1, when there are two in the running config, is what throws this error.

You'll most likely find out that it fixed itsself today anyway, if you powered your switch off overnight, as it only stores to the running!