Re: Port-Security MAC address issue

From: Bobola Oke <okebobola_at_gmail.com>
Date: Wed, 3 Aug 2011 13:46:57 +0100

Hello,

On Wed, Aug 3, 2011 at 1:17 PM, Irfan Sid <lifeoverip_at_gmail.com> wrote:

> I am having an issue with port-security, in that when a user moves his
> laptop from one desk to another, I have to clear off their mac-address from
> the old port before they can plug into the new port.
>

I believe this should be the expected outcome.

>
> With my port-security configuration this shouldn't happen, as I am not using
> MAC-address sticky command. So when the user unplugs his laptop from a
> switchport the mac-address should immediately be cleared off. This will allow
> him to use that mac-address (Laptop) on another port. But this is not
> happening and each time I have to log on and clear the mac-address off the
> old port before user can use the new port.
>

Nope, sticky just makes sure that the mac address learned survives a reboot.

> interface GigabitEthernet0/xx
> switchport access vlan 100
> switchport mode access
> switchport port-security maximum 2
> switchport port-security
> switchport port-security violation
> spanning-tree portfast
> spanning-tree bpduguard enable
>

So essentially, what you are doing with this configuration with 'switchport
port-security maximum 2' -
The switch would only learn the first two mac-addresses from this port and
as a result traffic not destined for this mac address would be dropped.

Say you use the sticky option, the switch would keep these two learned
mac-addresses so that only these addresses can be used on the port even when
you reboot the switch and clear mac-address :)

>
> Please advise.
>

So to resolve the problem, you can manually add a static entry for the
laptop on all the ports that will be used.

Regards,

Bobola

>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Received on Wed Aug 03 2011 - 13:46:57 ART
