Re: A secure port cannot be a protected port

I will verify it. I was expecting some kind of configuration error which I
didn't get. My config is given below,

interface FastEthernet0/46
 switchport access vlan 10
 switchport mode access
 *switchport protected
 switchport port-security*
 switchport port-security violation protect
 spanning-tree portfast
--------------------------------------------------------------------------------
3550#sh port-security interface fastEthernet 0/46
*Port Security : Enabled*
Port Status : Secure-down
Violation Mode : Protect
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 0
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
--------------------------------------------------------------------------------
3550#sh int fa0/46 switchport
Name: Fa0/46
Switchport: Enabled
Administrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: negotiate
Negotiation of Trunking: Off
Access Mode VLAN: 10 (VLAN010)
<some output taken out>
*Protected: true*
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

On Sun, Apr 19, 2009 at 1:15 AM, Ryan West <rwest_at_zyedge.com> wrote:

> Well, that is indeed nifty. Both the 3550 and 3560 command reference say
> no, table says yes. Malik to test and find out? I know I have configured
> it before, but as Joe said, that doesn't really prove anything.
>
> -ryan
>
> -----Original Message-----
> From: Dale Shaw [mailto:dale.shaw_at_gmail.com]
> Sent: Saturday, April 18, 2009 10:04 PM
> To: S Malik
> Cc: Ryan West; Cisco certification
> Subject: Re: A secure port cannot be a protected port
>
> The 12.2(46)SE command reference for "switchport port-security" states
> "A secure port cannot be a protected port".
>
> It's very strange, because in the "Port Security Compatibility with
> Other Switch Features" table (Table 24-3) of the 12.2(46)SE
> configuration guide lists "Protected port" as being compatible with
> port security! This is the same table Ryan linked below.
>
> Only one way to find out, Malik! Do let us know how you go..
>
> cheers,
> Dale
>
> On Sun, Apr 19, 2009 at 2:39 PM, Ryan West <rwest_at_zyedge.com> wrote:
> > Malik,
> >
> > I don't think you should have any problem configuring it. I wasn't able
> to find the text you're referring to, but I was able to find this table for
> 12.2(25)SEB and 12.2(44)SE:
> >
> >
> http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.2_44_se/configuration/guide/swtrafc.html#wp1184775
> >
> > -ryan
> >
> > -----Original Message-----
> > From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> S Malik
> > Sent: Saturday, April 18, 2009 9:15 PM
> > To: Cisco certification
> > Subject: A secure port cannot be a protected port
> >
> > As per Cisco's documentation "A secure port cannot be a protected port",
> > However, I could configure port-security & switchport protected on an
> > interface on 3550 switch.
> >
> > Can any explain please?
> >
> > Thanks
> > Malik

Blogs and organic groups at http://www.ccie.net
Received on Sun Apr 19 2009 - 01:22:51 ART