How to turn on disabled switch port because of port security

workfrom925 Member Posts: 196
On my home lab, a switch port shut down because I tried to plug another PC into a port with implemented port security on it with these commands:

S2#show run | inc port-se
switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security mac-address sticky 000a.cd21.2483
S2#

Once I took out the new PC, and reconnected the old PC to this port, the command "no shut" doesn't make the interface go up. So what should I do to make the switch port work again?

Comments

  • atorven Member Posts: 319
  • workfrom925 Member Posts: 196

    I looked it up on this linked page. It doesn't provide a solution for my case.

    At this link, Catalyst 2950 Desktop Switch Software Configuration Guide, 12.1(6)EA2c - Configuring the Switch Ports* [Cisco Catalyst 2950 Series Switches] - Cisco Systems, it says I can disable port-security with the command "no switchport port-security". I entered the command, but it doesn't do anything.

    S2(config)#int f0/11
    S2(config-if)#no swit
    S2(config-if)#no switchport por
    S2(config-if)#no switchport port-security
    S2(config-if)#no shut
    S2(config-if)#do show port-security address
    Secure Mac Address Table
    Vlan    Mac Address       Type            Ports     Remaining Age
                                                           (mins)
    ----    -----------       ----            -----     -------------
    10      000a.cd21.2483    SecureSticky    Fa0/11    -
    Total Addresses in System (excluding one mac per port) : 0
    Max Addresses limit in System (excluding one mac per port) : 1024

    S2#
  • workfrom925 Member Posts: 196
    atorven wrote: »
    shut
    no shut

    Haha I should read your suggestion more carefully. I thought I tried this, but I forgot to 'shut' first before 'no shut'. Now it's working.

    It would be a hassle whenever something like this happens. Is there a way to better handle a port-security problem like this?
  • workfrom925 Member Posts: 196
    Here is a new problem. I had "switchport port-security maximum 2" on fa0/11 earlier. Now I want to allow only one host to connect. So I try "switchport port-security maximum 1", but it doesn't take that. What's the right procedure to correct this?

    ===

    S2(config-if)#switchport port-security maximum 1
    Maximum is less than number of currently secured mac-addresses.

    S2(config-if)
  • FloOz Member Posts: 1,614
    Yah migrate to dot1x :)
  • DCD Member Posts: 473
    I look it up on this linked page. It doesn't provide a solution for my case.

    The answer was there. It was the last section of the article. You need a new book; the one you have doesn't seem to be working.
  • atorven Member Posts: 319
    Check out the errdisable recovery interval command; this allows you to set how long it takes for an errdisabled port to be enabled.

    As for your second question RE: changing the maximums - try no switchport port-security maximum 2 first.
  • MickQ Member Posts: 628
    It should also be noted that the default (in most cases) maximum number is 1.
    If you don't see it in the running config, it's because it's a default.
  • shortcut144 Member Posts: 17
    Just wanted OP to know. I did the same thing when learning port security. It took me a day to find out the issue. I ended up asking the CCNP at work. :S
  • iamme4eva Member Posts: 272
    Here is a new problem. I had "switchport port-security maximum 2" on fa0/11 earlier. Now I want to allow only one host to connect. So I try "switchport port-security maximum 1", but it doesn't take that. What's the right procedure to correct this?

    ===

    S2(config-if)#switchport port-security maximum 1
    Maximum is less than number of currently secured mac-addresses.

    S2(config-if)


    I would suspect this is because you have two configured mac addresses in your running config. You need to remove them with a "no" command. Do sh run and have a look.

    When you use the sticky feature, any mac addresses that are connected are added to the running config. As you had the max at 2, and error'd it out, then you must have two in your config. Trying to lower the max to 1, when there are two in the running config, is what throws this error.

    You'll most likely find out that it fixed itself today anyway, if you powered your switch off overnight, as it only stores to the running!
    Current objective: CCNA Security
    My blog: mybraindump.co.uk
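
The steps suggested across this thread, consolidated into one session as an added example that is not part of any poster's message. S2, Fa0/11 and the sticky MAC come from the thread; the 300-second interval and `<second-sticky-mac>` are placeholders to replace with your own values.

```ios
! Constructed session for illustration, not output captured from the thread.

! 1. Confirm the port is err-disabled and see which addresses are secured
S2#show interfaces fa0/11 status
S2#show port-security interface fa0/11
S2#show port-security address

! 2. Manual recovery: the port must be shut before "no shut" has any effect
S2#configure terminal
S2(config)#interface fa0/11
S2(config-if)#shutdown
S2(config-if)#no shutdown
S2(config-if)#exit

! 3. Optional: let the switch re-enable ports disabled by a port-security
!    violation on its own after the interval (in seconds) expires
S2(config)#errdisable recovery cause psecure-violation
S2(config)#errdisable recovery interval 300

! 4. Lowering the maximum: remove the surplus sticky entry from the
!    running config first, otherwise "maximum 1" is rejected with
!    "Maximum is less than number of currently secured mac-addresses."
S2(config)#interface fa0/11
S2(config-if)#no switchport port-security mac-address sticky <second-sticky-mac>
S2(config-if)#switchport port-security maximum 1
S2(config-if)#end

! 5. Verify the recovery timer and the resulting secure address table
S2#show errdisable recovery
S2#show port-security address
```

If the violating device is still attached when the recovery timer expires, the port goes back into err-disabled on the next violation, so fix the cause before relying on step 3.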