1178 CHAPTER 91: PORT SECURITY CONFIGURATION
In addition, since NTK is enabled, frames with unknown destination MAC
addresses, multicast addresses, and broadcast addresses should be discarded.
Troubleshooting Port
Security
Cannot Set the Port
Security Mode
Symptom
Cannot set the port security mode.
[Switch-GigabitEthernet1/0/1] port-security port-mode autolearn
Error:When we change port-mode, we should first change it to noRestrictions, then change it to the other.
Analysis
For a port working in a port security mode other than noRestrictions, you cannot
change the port security mode by using the port-security port-mode command
directly.
Solution
Set the port security mode to noRestrictions first.
[Switch-GigabitEthernet1/0/1] undo port-security port-mode
[Switch-GigabitEthernet1/0/1] port-security port-mode autolearn
Cannot Configure Secure
MAC Addresses
Symptom
Cannot configure secure MAC addresses.
[Switch-GigabitEthernet1/0/1] port-security mac-address security 1-1-2 vlan 1
Error:Can not operate security MAC address for current port mode is not autoLearn!
Analysis
No secure MAC address can be configured on a port operating in a port security
mode other than autoLearn.
Solution
Set the port security mode to autoLearn.
[Switch-GigabitEthernet1/0/1] undo port-security port-mode
[Switch-GigabitEthernet1/0/1] port-security max-mac-count 64
[Switch-GigabitEthernet1/0/1] port-security port-mode autolearn
[Switch-GigabitEthernet1/0/1] port-security mac-address security 1-1-2 vlan 1
Cannot Change Port
Security Mode When a
User Is Online
Symptom
Port security mode cannot be changed when an 802.1x-authenticated or MAC
authenticated user is online.
[Switch-GigabitEthernet1/0/1] undo port-security port-mode
Error:Cannot configure port-security for there is 802.1X user(s) on line on port GigabitEthernet1/0/1.
Analysis
Changing port security mode is not allowed when an 802.1x-authenticated or
MAC authenticated user is online.
To Next Page
Loading...
