Hi all,
I have a customer with the following interface configuration on their AOS-CX switches:
interface 1/1/30
    no shutdown
    no routing
    vlan access 100
    spanning-tree bpdu-guard
    spanning-tree tcn-guard
    spanning-tree port-type admin-edge
    port-access security violation action shutdown
    port-access security violation action shutdown auto-recovery enable
    port-access security violation action shutdown recovery-timer 60
    port-access port-security
        enable
    no lldp transmit
    no lldp receive
    no cdp
    loop-protect
    exit
But when a dumb switch is connected to the port, it never shuts down. They want to ensure only a single MAC address is permitted, which is the default value when no limit is specified.
There are currently 12 MAC addresses connected to that port:
show mac-address-table int 1/1/30
MAC age-time : 300 seconds
Number of MAC addresses : 12
MAC Address VLAN Type Interface
-------------------------------------------------------------------
xx:xx:xx:xx:f9:d9 100 dynamic 1/1/30
xx:xx:xx:xx:c0:fd 100 dynamic 1/1/30
xx:xx:xx:xx:c0:47 100 dynamic 1/1/30
xx:xx:xx:xx:bc:83 100 dynamic 1/1/30
xx:xx:xx:xx:ba:e3 100 dynamic 1/1/30
xx:xx:xx:xx:ba:b9 100 dynamic 1/1/30
xx:xx:xx:xx:ba:e5 100 dynamic 1/1/30
xx:xx:xx:xx:ba:ef 100 dynamic 1/1/30
xx:xx:xx:xx:bb:12 100 dynamic 1/1/30
xx:xx:xx:xx:bb:a0 100 dynamic 1/1/30
xx:xx:xx:xx:bb:ea 100 dynamic 1/1/30
And I also get the following message using the verification commands:
show port-access port-security interface 1/1/30 port-statistics
Port-security is not configured.
show port-access port-security interface 1/1/30 client-status
Port-security is not configured.
What am I missing?
There is a command to enable port-access port-security globally, but the documentation doesn't say anything about enabling this first - in fact, I would rather not enable it globally and have to remove it from the interfaces that don't require it.
------------------------------
Regards,
Brett V
------------------------------
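
An added example, not part of the original post: a small Python check that parses `show mac-address-table` output in the layout shown above and lists the interfaces that have learned more MAC addresses than the intended limit of one. The sample table, the function names and the `limit` parameter are constructed for illustration; masked addresses such as `xx:xx:xx:xx:f9:d9` are accepted so that redacted output can be checked too.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the `show mac-address-table` output
# above (addresses are from the documentation range, not from the post).
SAMPLE = """\
MAC age-time : 300 seconds
Number of MAC addresses : 4
MAC Address VLAN Type Interface
-------------------------------------------------------------------
00:00:5e:00:53:01 100 dynamic 1/1/30
00:00:5e:00:53:02 100 dynamic 1/1/30
00:00:5e:00:53:03 100 dynamic 1/1/30
00:00:5e:00:53:0a 200 dynamic 1/1/31
"""

# One table row: MAC, VLAN, type, interface. 'x' is allowed in the MAC so
# that redacted rows still parse.
ROW = re.compile(
    r"^\s*((?:[0-9a-fx]{2}:){5}[0-9a-fx]{2})\s+(\d+)\s+(\S+)\s+(\S+)\s*$",
    re.IGNORECASE,
)


def parse_mac_table(text):
    """Return {interface: set of MAC addresses} from the command output."""
    ports = defaultdict(set)
    for line in text.splitlines():
        match = ROW.match(line)
        if match:
            mac, _vlan, _entry_type, iface = match.groups()
            ports[iface].add(mac.lower())
    return dict(ports)


def ports_over_limit(text, limit=1):
    """Return {interface: sorted MACs} for ports above the client limit."""
    return {
        iface: sorted(macs)
        for iface, macs in parse_mac_table(text).items()
        if len(macs) > limit
    }


if __name__ == "__main__":
    for iface, macs in ports_over_limit(SAMPLE).items():
        print(f"{iface}: {len(macs)} MAC addresses learned (limit 1)")
```
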