Re: Port-Security Error Message

From: Peter (peter@cyscoexpert.com)
Date: Mon Mar 24 2003 - 17:12:12 GMT-3


Dave,

Shut down your FastEthernet interface on the switch and the router. Clear
mac-address-table dynamic, then put port security with the MAC address.
Putting port security on Cat3550 with the MAC address causes creation of a
static MAC address entry in the CAM table and the switch won't let you do it
until dynamic entry is there.

_____________________________
Peter
#7247 (R&S, Security, C&S)
CyscoExpert Corp.
4433 W. Touhy Ave. Suite 410
Lincolnwood, IL 60712
Phone (847) 674-3392
Toll Free (866) CyscoXP (297-2697)
Fax (847) 674-2625
----- Original Message -----
From: "Voss, David" <dvoss@heidrick.com>
To: "'Mike Williams'" <ccie2be@swbell.net>; "'Scott M. Livingston'"
<scottl@sprinthosting.net>; <ccielab@groupstudy.com>
Sent: Monday, March 24, 2003 8:42 AM
Subject: RE: Port-Security Error Message

> Thanks, I'll give it a shot. I do know for a fact that MAC resides only on
> that port. Port-security is only on that port. We'll see if shut/no-shut
> does the trick.
>
> -----Original Message-----
> From: Mike Williams [mailto:ccie2be@swbell.net]
> Sent: Monday, March 24, 2003 12:38 AM
> To: 'Scott M. Livingston'; Voss, David; ccielab@groupstudy.com
> Subject: RE: Port-Security Error Message
>
>
> I don't know if this will fix your problem but try this:
>
> Shut down the port. Clear the CAM table, enter the "switchport
> port-security mac-address 0010.7b36.7ccc", then do a 'no shut' on the
> port....
>
> If you know for a fact that this mac lives on that port, then shutting
> it and clearing the CAM should get rid of it and shutting the port
> should also get rid of it from the port-security standpoint (unless you
> use sticky, right?)
>
> Mike W.
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Scott M. Livingston
> Sent: Sunday, March 23, 2003 9:00 PM
> To: 'Voss, David'; ccielab@groupstudy.com
> Subject: RE: Port-Security Error Message
>
>
> David,
>
> I don't believe that is the correct assumption, but I could be wrong.
> Are you sure that that MAC doesn't currently live on another port right
> now? I am assuming that the MAC might either be tied to another port via
> dynamic (plugged into) or port security turned up for it on another
> port. - Just a guess.
>
> Thanks,
> scott
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Voss, David
> Sent: Sunday, March 23, 2003 4:58 PM
> To: 'ccielab@groupstudy.com '
> Subject: Port-Security Error Message
>
> When I do this...
>
> int fast 0/0
> switchport port-security
> switchport port-security mac-address 0010.7b36.7ccc
>
> I get this..
> %Error: Address 0010.7b36.7ccc already exists.
>
> I believe this is because by default, port-security on the 3550 accepts
> 128 secure mac-addresses and will learn dynamically the mac-address of
> the device connected to that port. Therefore, there is no need to
> specify port-security mac-address since it is dynamically learned.
>
> Can anyone else confirm why that message comes up?
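
The sequence suggested in the replies above, written out as an IOS session with verification steps (an added example, not part of the original thread). The interface and MAC address are the ones from the original question; the hostname "Switch" is a placeholder, and the clear is narrowed to the single address instead of the whole dynamic table.

```cisco
! Added example, not from the thread. "Switch" is a placeholder hostname.
!
! 1. Check which port and entry type currently hold the address.
Switch# show mac-address-table address 0010.7b36.7ccc
!
! 2. Shut the port so the address cannot be relearned (the reply also
!    suggests shutting the router's interface), then remove the dynamic entry.
Switch# configure terminal
Switch(config)# interface FastEthernet0/0
Switch(config-if)# shutdown
Switch(config-if)# end
Switch# clear mac-address-table dynamic address 0010.7b36.7ccc
!
! 3. With the dynamic entry gone, configure the secure address and bring
!    the port back up.
Switch# configure terminal
Switch(config)# interface FastEthernet0/0
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security mac-address 0010.7b36.7ccc
Switch(config-if)# no shutdown
Switch(config-if)# end
!
! 4. Verify: the address should now be listed against this port as a
!    secure address rather than as a dynamic entry.
Switch# show port-security interface FastEthernet0/0
Switch# show port-security address
Switch# show mac-address-table address 0010.7b36.7ccc
```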



This archive was generated by hypermail 2.1.4 : Sat Apr 05 2003 - 08:51:43 GMT-3