Re: switchport port-security violation shutdown vlan from Sadiq Yakasai on 2009-08-11 (Ccielab archives 08/2009)

From: Sadiq Yakasai <sadiqtanko_at_gmail.com>
Date: Tue, 11 Aug 2009 09:54:58 +0100

Somyt, Tobi,

Actually, this is rather a new command and the functionality is slightly
different from the tradition "violation action shutdown". What this command
does is it err-disables only the VLAN where the violation occurs (Voice or
Data VLAN).

It was developed by Cisco in an effort to mitigate the rather undesirable
behavior of err-disabling a whole port, on which there at least 2 devices
connected (an IP Phone + a PC behind it), when only one of the devices
caused the violation (which is typically the PC, however, not limited to).

Hope that clarifies it abit.

Sadiq

On Tue, Aug 11, 2009 at 8:59 AM, Tobi Babatunde <tobibabatunde_at_gmail.com>wrote:

> Hi Somyot
>
> The function of switch port violation shutdown is that it puts the
> port in an err disable mode immediately the maximum command is
> exceeded or violated, making the user who plugs in or the device
> plugged in not to receive any frame.
>
> I hope this helps.
>
> Tobi Babs
>
> On 8/11/09, Somyot Ch <somyot.ch_at_gmail.com> wrote:
> > Hi guy,
> > Anyone can explain function of command "switchport port-security
> violation
> > shutdown vlan" when vilolation is occured ??
> > This is example of usage but I don't sure actually function.
> > Switch#configure terminal
> > Switch(config)#interface fastEthernet 0/3
> > Switch(config-if)#switchport mode access
> > Switch(config-if)#switchport access vlan 10
> > Switch(config-if)#switchport voice vlan 101
> > Switch(config-if)#switchport port-security
> > Switch(config-if)#switchport port-security maximum 3
> > Switch(config-if)#switchport port-security maximum 2 vlan access
> > Switch(config-if)#switchport port-security maximum 1 vlan voice
> > Switch(config-if)#switchport port-security violation shutdown vlan
> > Switch(config-if)#switchport port-security mac-address 0000.0203.0405
> vlan
> > access
> > Switch(config-if)#switchport port-security mac-address 0000.0304.0506
> vlan
> > voice
> > Switch(config-if)#switchport port-security mac-address 0000.0304.0506
> vlan
> > access
> > Switch(config-if)#end
> >
> > Cheers,
> > Somyot
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>

-- 
CCIE #19963
Blogs and organic groups at http://www.ccie.net

Received on Tue Aug 11 2009 - 09:54:58 ART

This archive was generated by hypermail 2.2.0 : Tue Sep 01 2009 - 05:43:56 ART