Cisco Switching/Routing :: 3550 - Port Security Verification

Apr 1, 2013

I'm trying to test port-security in my c3550 but when I show port-security int f0/23 shows it only "Disabled" as below:
 
run
interface FastEthernet0/23switchport access vlan 200switchport mode dynamic desirableswitchport port-security mac-address stickyspanning-tree portfast 

View 2 Replies


ADVERTISEMENT

Cisco Switching/Routing :: 3550 / Routing Protocol Neighbor Between SVI And Routed Port?

Apr 18, 2012

I have a collapsed core design with routed ports between all components. Access layer switches, data center switches, core/aggregation. All routed (no spanning-tree at all).Now...I have to add an IBM BladeCenter with a BNT layer 3 switch to my topology. However, those nasties don't seem to support routed ports.How can I have a routed port on my cisco switch and a standard access port on the BNT and still establish an adjacency with an SVI? I am running OSPF, but I am labbing this in my home lab with 2 x 3550s and EIGRP.
 
On SW2:
*Mar  1 00:57:00.711: EIGRP: Received HELLO on Vlan100 nbr 10.1.1.1
*Mar  1 00:57:00.711:   AS 999, Flags 0x0, Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1
*Mar  1 00:57:02.303: EIGRP: Sending UPDATE on Vlan100 nbr 10.1.1.1, retry 9, RTO 5000 tid 0
*Mar  1 00:57:02.303:   AS 999, Flags 0x1, Seq 17/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1

[code].....

View 10 Replies View Related

Cisco Switching/Routing :: 3550 - Redirecting Port 80 Traffic?

Dec 12, 2011

How do I redirect my port 80 traffic to my Trend Micro IWSVA in my 3550 switch? How do I use PBR? Can I use WCCP in my 3550?

View 3 Replies View Related

Cisco Switching/Routing :: Port Unreachable Messages On 3550 Switch?

Jan 24, 2012

While working at a client site today, I was troubleshooting some ICMP connectivity for a network we have created.I turned on 'debug ip icmp" on the 3550 switch int he middle, and was inundated with the following debug output:
 
Jan 25 11:01:14.641: ICMP: dst (172.16.1.7) port unreachable rcv from 172.16.1.5
Jan 25 11:01:14.641: ICMP: dst (172.16.1.7) port unreachable rcv from 172.16.1.5
Jan 25 11:01:14.641: ICMP: dst (172.16.1.7) port unreachable rcv from 172.16.1.5
Jan 25 11:01:14.641: ICMP: dst (172.16.1.7) port unreachable rcv from 172.16.1.5

[code]....
 
This output fires several times a second, and based on how often it is firing, I am curious if it may be a culprit with respect to the fact that the client has indicated that they have some slow internet.Should the next step be to look at the workstation at 172.16.1.5? 

View 10 Replies View Related

Cisco Switching/Routing :: 3550 / Access List - Block One Ip Or Port

Jan 9, 2012

I have a layer 3 switch, 3550.I have several vlans on there just for playing around with. One of the vlans, has a vonage linksys box attached to it with a UK number attached. From time to time telemarketers call at 03:00 in the morning, this as I'm sure you can imagine is not much fun. The linksys box gets 192.168.3.3 as it's ip.The switch is connected to a non cisco router at 192.168.0.1
 
interface FastEthernet0/24
no switchport
ip address 192.168.0.2 255.255.255.0
 
I was thinking a time based access list would work best I have tried several variations but the phone still rings. I have tried access-list 1 deny host 192.168.3.3 permit ..... and more extensive lists but the phone still rings. I have not applied the time-range yet, so that's not the problem.I have applied the list to the vlan interface and to fa0/24 but it's not working.

View 3 Replies View Related

Cisco Switching/Routing :: Enabling Port Security On C4507R Shuts Down Port

Aug 13, 2012

I'm trying to enable port security on several 4507R's. When I try to configure a range of ports the switch will randomly put 1 or 2 in err-disable.  It's different every time I apply the config to the same group of ports.  However if I do them one at a time it seems to work.  But I really don't want to configure 6 fully populated switches one port at a time.   We also have a lot of 3750's and they gave me no problem using a port range. [code]

View 4 Replies View Related

Cisco Switching/Routing :: 891-W Access Verification Prompt?

Jan 25, 2013

Recieved this unit from an individual who has very little knowledge (like myself) with the 800 series.
 
I'm having issues just getting into this device, when I power it on and console into the unit i am presented with an "Access Verification" prompt that requires credentials that I do not have/know.
 
At some point (not sure how) I managed to get to a "yourname#" prompt at which point I configured using this document here and created a username and password and some other basic settings, I saved the config and did a reload and it takes me right back to that "Access Verification" prompt.
 
Sould I be using the CCPE to gain access to this device instead? Is there a way to recover that "Access Verification" username and pass? How did I ever get to that "yourname#" prompt?

View 7 Replies View Related

Cisco Switching/Routing :: Cat 6509E 6Kw PS AC Input Level Verification

Oct 27, 2011

I have a 6509E switch with dual 6Kw power supply that is logging "Power supply 1 input has changed.  Power capacity adjusted to 2671.20W" then will bounce back to normal at random times from 1sec to 10sec. Is there a command to check what each input level of the power supply to try to identify possibly which source is causing the problem? The power supply input lights remains green while this is occuring.

View 3 Replies View Related

Cisco Switching/Routing :: WS-C6509-E - Verification Of Services And Protocols

Sep 19, 2012

Network newbie need to verify all necessary services and protocols on a new WS-C6509-E are turned on.  This layer 3 switch will be used to connect to servers.
 
Cisco IOS Software, s72033_rp Software (s72033_rp-ADVIPSERVICESK9_WAN-M), Version 12.2(33)SXI9, RELEASE SOFTWARE (fc2)

[Code]....

View 6 Replies View Related

Cisco Switching/Routing :: How To Set Port Security On 881

Oct 25, 2011

Was wondering how to set port security on the 881. I have all the FE ports shutdown except one and want to limit that port to one specific MAC address. 

View 7 Replies View Related

Cisco Switching/Routing :: Port Security In CE500 Switch?

Sep 8, 2010

configure  port security Cisco 500 Swich ? There is no CLI mode in this switch?

View 2 Replies View Related

Cisco Switching/Routing :: 2960 - Turn Off Port Security

Dec 15, 2009

One of my engineers issued a command to turn off port security on a number of ports using the range command. The command failed on the first attempt due to a tacacs auth failure which I suspect is due to a low tacacs timeout value. The engineer then reduced the number of ports in the range command and re-issued the config change after which the switch just crashed and rebooted.
 
The logging buffer on the switch displays the following:
 
000072: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED: System previously crashed with the following message:
000073: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED: Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(50)SE3, RELEASE SOFTWARE (fc1)
000074: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED: Technical Support: [URL]
000075: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED: Copyright (c) 1986-2009 by Cisco Systems, Inc.
000076: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED: Compiled Wed 22-Jul-09 07:03 by prod_rel_team
000077: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED:
[Code]........
 
I have done some searching and this could be related to bug CSCsq71492. I have tried using the output interpreter but it is still down. 

View 22 Replies View Related

Cisco Switching/Routing :: SF300 - Port Security / Possible To Disable?

Aug 2, 2012

I have several SF300 switches deployed (SF300-08, SF300-24P). They are connected to IP Telephones (NEC) which communicate with the switch for auto voice VLAN on LLDP. The problem I am experiencing is that periodically the IP telephones are rebooted by the telephone vendor and when they do the switch puts that port into "Locked" port security mode and discards all traffic to the port. The IP telephones of course do not work. In other switch models, I have seen the ability to enable / disable port security switch wide or on a port by port basis. This model does not appear to have this feature. How to disable or why the phones would cause the switch ports to "lock"? There is usually one PC attached to each phone.

View 1 Replies View Related

Cisco Switching/Routing :: 2950 Port Security Is Not Working

Feb 23, 2013

I have network consists of more then 20 cisco 2950/2960/3700 switches.  I have configured port security in my switches. initially when i configured on my switches it worked fine....even for copule of months it worked fine. but suddenly it start creating issues and now i am not able to implement port security on switches. the configuration is same but there is no effect now. Same switches were fine but now even having same configuration it is not working. please see the configuration: [code]

View 5 Replies View Related

Cisco Switching/Routing :: 3750 Port-security Will Not Clear

Jun 5, 2012

We have several 3750 stacks across our campus that we are unable to completely clear port security on. We have mac address stick set up on all access ports. When we clear the sticky address on the port, the mac address is removed from the running config like normal, but we keep getting port-security voilations. If port security is taken off the port completely, i.e. no switchport port-security, traffic still doesn't pass the port. Even clear port security across the stack doesn't work. If we try to reload the stack, only the master reboots, and the other switches in the stack lose switch capabilities.

View 1 Replies View Related

Cisco Switching/Routing :: Port Security On Nortel 5520

Jun 6, 2012

I've just completed a port security project at a site on numerous Cisco switches and all works well, however they have 2 Nortel 5520 switches (which I left until the end) which they would like to lock down.  I have logged a message on the Nortel forums and I have heard nothing for days.  I just need to lock 2 ports down to the Mac address of 2 computers stopping any other computer being plugged in. 

View 2 Replies View Related

Cisco Switching/Routing :: CE500 Switchport Port-security

Apr 19, 2012

I try change the configuration the port in the switch catalyst express 500, i need disable switch port port-security, a try with http://10.1.1.1/exec and save configuration with wr command, if a check the configuration de port is correct but i reboot the switch and check the configuration the port appear the switch port port-security configuration again.

View 3 Replies View Related

Cisco Switching/Routing :: Configured Port Security On 2960 Switches

Feb 18, 2013

I configured port security on my 2960 switches with the following commands: [code]
 
The problem is that when I should change someone's PC, first I disable port-secirity, then I clear all the mac addresses learned on the interface, then I plug the new PC and enable port-security. The new PC couldn't connect to the network and it's mac address has not be learned on the interface. Why?Which commands should I use to clear an old mac address and enable port-security with the new mac address.

View 4 Replies View Related

Cisco Switching/Routing :: 3560 Port Security And Voice Vlan On Newer IOS

May 20, 2010

For many years we've had the following vlan and port security config on our 3560s: [code] This has worked great on 12.2(37)SE1, 12.2(40)SE and 12.2(46)SE. However since 12.2(50)SE, and I've tried all the versions since then, we have a problem with 7900 phones and ATA186s taking upwards of 20 minutes before they can get a valid IP number.The problem on the newer IOSes seems to be related to the inactivity aging.On the older IOS versions the mac address of the voice device appears on the voice vlan straight away.
 
On the newer IOS versions the mac address of the voice device appears on the DATA vlan and seems to be stuck there until the inactivity aging removes it. It then gets re-learned, sometimes on the voice vlan, and sometimes on the data vlan. If you're unlucky and it gets re-learned on the data vlan you've got to wait until the inactivity time ages the address out again. Repeat until the mac address eventually gets learned on the voice vlan. I don't want to be stuck on 12.2(46)SE forever.

View 11 Replies View Related

Cisco Switching/Routing :: Catalyst 3546 XL / Switchport Port-security Command Not Available

Oct 26, 2011

Im trying to follow along documentation i see via train single videos and some online resources. I am trying to enable port security.I have a Catalyst 3546 XL when i type in "rtr1# switchport ?""port-security" is not only of the options to choose from.   I have already set this as an access port.

View 4 Replies View Related

Cisco Switching/Routing :: ME3600X Is Switchport Port-security Mac-address Sticky Available

May 5, 2012

Our customer has a Cisco ME3600X with the IOS me 360x-universalK9-mz.122-52.EY3.They are saying that is not possible to configure the "switchport port-security mac-address sticky" in the interfaces and want to know whether any additional license is needed.As far as I know there isn't any extra license to activate this feature and also I believe the ME3600 switch should have this feature with the universal IOS, isn't that right?

View 1 Replies View Related

Cisco Switching/Routing :: Port Security Dynamic Configuration On Catalyst 3560xPOE

Oct 2, 2012

I have connected a 10BaseT device to a CISCO Catalyst 3560xPOE switch with dynamic port security.  All seems to work fine when the distance between the two devices is closer then 200ft.  When I connect to 10BaseT devices farther out near 300ft the response from the attached device is lost. It works ok on unmanaged switches at the longer distance. Is there a minimum response time from attached devices for dynamic port security to work properly?  Is there any other explanation why it would work on cheaper switches, but not on the Port Secured Switch?

View 2 Replies View Related

Cisco Switching/Routing :: 1941 Port-Security With Router Switch Module

Feb 29, 2012

I have a 1941 that I am going to deploy with a HWIC-D-9ESW switch module (I only need 3 switch ports but need the PoE).  I am going to hang a 1262 autonomous AP off one of the ports but I need to configure MAC address port-security so that only that AP can pass traffic. I know the switch modules are 'almost' exactly like a switch for commands but I can't seem to enable or configure any port-security settings.  Is port-security no available on the switch modules?

View 3 Replies View Related

Cisco Switching/Routing :: Cat 3750 Drops First Frame / Packet With Port Security

Mar 5, 2013

our C3750 like the one described here [URL]
 
We have the port on the switch set like this:
switchport port-security maximum 25
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
 
In case a device connected to the port is inactive for more than 2 minues ( aging time ) the first frame/packet the device generates arrives to the port on the switch, but the switch does not forward it to the appropriate port ( discards it or whatever ).
 
So far I tested on
1 30    WS-C3750E-24PD     15.0(2)SE2            C3750E-IPBASEK9-M       
2 30    WS-C3750E-24PD     15.0(2)SE2            C3750E-IPBASEK9-M       
3 52    WS-C3750G-48PS     15.0(2)SE2            C3750-IPBASEK9-M

[Code].....
 
When we remove port security from the port, it works perfectly fine, as expected.
 
It seems this is not HW or IOS version related. It seems it is not a stack synchronization issue, it does not matter if a device is connected to the first or other stack member. I tested on C3560 too, here there are no problems, so seems it is 3750 related.

View 1 Replies View Related

Cisco Switching/Routing :: 3560 Port Security Triggers With Valid Mac Address During Power On

Feb 28, 2013

I have 2 3560 switches that are running 12.2(25)SEE2. Port security is enabled on some of the ports. Whenever there is a power failure, when power is restored, 1 port on each switch goes to err-disabled. The mac address that causes this is a valid address for that port. Below is the configuration on one of the ports.

View 1 Replies View Related

Cisco Switching/Routing :: 3750 Switches Refuse To Fire The Port-security Violation Traps

Oct 20, 2010

My group has recently started configuring traps on our switches to alert us of issues as they arise vs. waiting for the Helpdesk to receive user complaints and then responding.We have successfully configured the 2950 and 2960 switches to alert us when a port-security violation happens. However, the 3750 switches refuse to fire the port-security violation traps. The 3750's will fire an errdisable trap when the port goes down though.

Here is one of the port configurations:

interface FastEthernet1/0/45
switchport access vlan 5
switchport mode access
switchport port-security
switchport port-security mac-address sticky

[code].....

And here is the output of the port-security debug:

2522070: Oct 21 16:37:04: %LINK-3-UPDOWN: Interface FastEthernet1/0/45, changed state to down
2522089: Oct 21 16:37:05: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa1/0/45, putting Fa1/0/45 in err-disable state
2522100: Oct 21 16:37:05: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0012.3f07.95d3 on port FastEthernet1/0/45.

All of the 3750's are running C3750-IPBASEK9-M, Version 12.2(53) SE2. Wireshark also shows the errdisable traps, but no other traps so I've ruled out the traps being missed. All of the switches have been reloaded and power cycled.

View 3 Replies View Related

Cisco Switching/Routing :: Monitoring Port-Security Error-Disable And HSRP With 1921 And 2960

Aug 1, 2012

I am looking to simply monitor Port-Security , Error-Disable and HSRP. I would like to receive an email when any of these are triggered.
 
Port Security - Port Is shut down
Err-Disable - Port goes into err-disable state (securedown)
HSRP - When HSRP standyby changes are detected
 
I need to receive emails with any of the able are triggered. What is the easiest way to do this? I know SNMP is the main option but I have never worked with SNMP and dont understand it too much.

Equipment:
2x Cisco 1921 series routers
3x Cisco 2960 POE switches stacked

View 1 Replies View Related

Cisco Switching/Routing :: Does Catalyst 3550 Support Inter Vlan Routing

Jul 24, 2007

Does Catalyst 3550 switch support inter vlan routing ?

View 12 Replies View Related

Cisco Switching/Routing :: 3550 - IP Routing In L3 Capable Switches?

Apr 11, 2012

Is L3 ip routing on by default in 3550s?  If so is the "ip routing" command visible in the config file?  If no - I assume that one would enable L3 routing with that config command.In general terms are there any IOS devices where ip routing is enabled and one would not see the "ip routing" command in config.  I.E. if that command is not visible in the config could you assume there is no L3 capablity in that device?

View 1 Replies View Related

Cisco Switching/Routing :: Configure Routing Between 2800 And 3550

Sep 18, 2012

The layer 2 switches are connected to layer 3 Switch via trunks, and routing between layer 2 switch ports with configured SVI's on 3550. All working fine. Now I'm trying to configure routing between 2800 and 3550, I tried connecting both Straight Throught and Crossover cables to the 2800 Fa0/0 and Fa0/1 ports as well as the switchports on 3550
 
No switchport commands are configured however, the lights do not go on for both straight through or crossover cables. I tried connecting 1750 routers but same result. My goal is to have all the VLANS routed to the internet with configuring NAT translation the router.

View 2 Replies View Related

Cisco Switching/Routing :: 3550 / Layer 3 Switch Not Routing?

Apr 26, 2012

I have a 3550 l3 switch configured as follows:

vlan 10 ports 1-10
vlan 21 ports 11-20
vlan 30 port 21-30
vlan 40 ports 31-40
default vlan should be vlan 21

I have the servers, switch and router connected to vlan 21.  Vlan 21 works great I can browse the internet, but I cannot ping any other vlans. router is connected to fa0/19
 
[code]
Building configuration... 
Current configuration : 4833 bytes
 !
 version 12.2
 no service pad

[code]....

View 11 Replies View Related

Cisco Switching/Routing :: VLan Routing Same Switch 3550-12T?

Mar 10, 2013

I'm having some problems setting up vlans to talk to each other on a 3550-12T switch. Its quite a simple setup I have, but I need to split my network up.
 
Currently I have a network of 192.168.25.0 255.255.255.0 I want to create a new vlan network of 192.168.30.0 255.255.255.0 So I have configured my vlan1 (default vlan) to have an ip of 192.168.25.250 for getting to the management page
 
I have created a vlan2 of 192.168.30.1 255.255.255.0 ?I have a port 10 linked to one of my 3560G's?In port 9 which is on vlan2 I have my pc plugged in with a static ip of 192.168.30.50 from the router I can ping any device on 192.168.25.x.
 
I can not ping 192.168.30.1 (which is my vlan2) nor can i ping the PC.
 
I have enabled ip routing  But I dont have a default route, this is becase we don't have a router on the network.

View 18 Replies View Related

Cisco Switching/Routing :: 2600 / 3550 - InterVLan Routing

Dec 2, 2011

I've been working with these two Cisco devices in my home off and on for several months now but I just can't take it anymore, I'm about to throw them away and go back to Linksys router.
 
I have a Cisco 2600 Router with only one Ethernet card in it so I have to trunk from my 3550 Switch to that device.  I'd like to have my ISP and all users plug into switch and all trunk back to the router's sub interfaces. Currently, I have started over...again, and am unable to simply get the router and switch to ping each other if I put sub-interfaces on the router.  See my configs:
 
2600 ROUTER:
Router#sho run
Building configuration...
Current configuration : 555 bytes
[code]......

3550 SWITCH:
Switch#sho run
Building configuration...
Current configuration : 2302 bytes
!
version 12.2
[code]..........
 
Port F0/24 is in VLAN 1, as are all ports but Port F0/1 which is my desktop PC. I mocked it up in Packet Tracer and it works just fine.  This is just a simple setup and I'm making sure I can ping between switch and router before I move to each next step.

View 40 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved