Cisco Switching/Routing :: SF300 - Port Security / Possible To Disable?

Aug 2, 2012

I have several SF300 switches deployed (SF300-08, SF300-24P). They are connected to IP Telephones (NEC) which communicate with the switch for auto voice VLAN on LLDP. The problem I am experiencing is that periodically the IP telephones are rebooted by the telephone vendor and when they do the switch puts that port into "Locked" port security mode and discards all traffic to the port. The IP telephones of course do not work. In other switch models, I have seen the ability to enable / disable port security switch wide or on a port by port basis. This model does not appear to have this feature. How to disable or why the phones would cause the switch ports to "lock"? There is usually one PC attached to each phone.

View 1 Replies


ADVERTISEMENT

Cisco Switching/Routing :: Monitoring Port-Security Error-Disable And HSRP With 1921 And 2960

Aug 1, 2012

I am looking to simply monitor Port-Security , Error-Disable and HSRP. I would like to receive an email when any of these are triggered.
 
Port Security - Port Is shut down
Err-Disable - Port goes into err-disable state (securedown)
HSRP - When HSRP standyby changes are detected
 
I need to receive emails with any of the able are triggered. What is the easiest way to do this? I know SNMP is the main option but I have never worked with SNMP and dont understand it too much.

Equipment:
2x Cisco 1921 series routers
3x Cisco 2960 POE switches stacked

View 1 Replies View Related

Cisco Switching/Routing :: 2960 - Disable TCP Port 4786

Mar 1, 2010

I have upgraded a couple of 2960G switches to 12.2.52SE and now discovered that TCP port 4786 is open on the switches.
 
I have looked in the document{URL}, trying to find a way to disable this function/port, but didn't find anything useful. Any way to disable this function/port?

View 3 Replies View Related

Cisco Switching/Routing :: 6513 - Disable Logging On Specific Port

Jan 18, 2012

Ask this question, if someone came across a 6513, one of the RJ45 ports are constantly falling.The question is how to disable logging on a specific portno logging event link-status does not work. 

View 1 Replies View Related

Cisco Switching/Routing :: 2960G Disable Srr-queue On Switch Port

Jun 20, 2012

I have a Cisco 2960G switch and one of the ports was configured with srr-queue bandwidth limit 90 - I need to remove this bandwidth limiting from this interface. [code]

View 2 Replies View Related

Cisco Switching/Routing :: 2960 Err-disable Port State Recovery

Jan 25, 2012

I am testing 2960 24 S  with storm-control  and Errdisable Port timer interval 60s , connected HUB on fa0/17 to make traffic / loop.After Strom Control detection the interface goes down thats ok  after 60s they will try to recover the interface and going up although the loop is still there.For my understanding if the interface detect still a loop on that interface they will disable the port again for 60s and will check  again. [code]

View 7 Replies View Related

Cisco Switching/Routing :: Port Goes Into Error Disable State 3750

Jun 29, 2012

We have a number of 3750 stacks used as access layer switches connecting Siemens VOIP phones and then a PC that connects to the phone.
 
For example if I plug PC A to the phone that connects to port 13 I pick up an IP addressand all works as predicted now if I plug in PC A to any other VOIP phone that connect to another port on the same switch it goes in error disable state ITs like the switch is holding my PC mac address and locks it down with the port which in my case is Gi2/0/13.
 
interface GigabitEthernet2/0/13
switchport access vlan 726
switchport mode access

[Code].....

View 7 Replies View Related

Cisco Switching/Routing :: C3750 - Ethernet Port Goes To Err Disable Mode

Dec 6, 2011

I have stacked WS-C3750E-24PD with Ten Gigabit Ethernet ports configured under ether-channel. It has c3750e-universalk9-mz.122-55.SE1.bin IOS installed on it. One of the Ten Gigabit Ethernet ports, goes to err-disable mode with following errors on that specific ports.

%SFF8472-5-THRESHOLD_VIOLATION: Te1/0/2: Tx power low alarm; Operating value: -31.0 dBm, Threshold value:  -9.0 dBm.
%SFF8472-5-THRESHOLD_VIOLATION: Te1/0/2: Tx power low alarm; Operating value: -31.0 dBm, Threshold value:  -9.0 dBm. (DROmx-1-1)
 
I have gone through some of CSC forums like {URL}. The workaround is to "Remove the X2 or SFP from the inactive up link port" which is not in my case.

View 9 Replies View Related

Cisco Security :: 881 Series Router - How To Disable USB Port

Sep 11, 2011

How do I disable the USB port in the 881 router?
  
881router#show usb port
Port Number: 0
Status: Disabled
Connection State: Disconnected
Speed: Full
Power State: ON

View 3 Replies View Related

Cisco Switching/Routing :: 3750 (WS-C3750-48P ) Two Port Showing Err-disable And Amber

May 10, 2013

In our company 3nos Cisco 3750 (WS-C3750-48P) access switch in stake mode. All port are assigned with voice and data Vlan also Avaya IP connected with this switches. From last few days tow port 2/0/7 and 2/0/8 is showing amber and status is showing err-disable. At Avaya end it is showing a message “ETHERNET WAITING” in phone dispaly. I try to connect laptop directly with these ports but it is showing "Cross Connectivity". [code]

View 4 Replies View Related

Cisco Switching/Routing :: Enabling Port Security On C4507R Shuts Down Port

Aug 13, 2012

I'm trying to enable port security on several 4507R's. When I try to configure a range of ports the switch will randomly put 1 or 2 in err-disable.  It's different every time I apply the config to the same group of ports.  However if I do them one at a time it seems to work.  But I really don't want to configure 6 fully populated switches one port at a time.   We also have a lot of 3750's and they gave me no problem using a port range. [code]

View 4 Replies View Related

Cisco Switching/Routing :: WS-C3560-24PS / WS-C3560-48PS - Port With WAP Goes To Err-disable?

Oct 11, 2012

We have a Cisco switch in each office and every now and then the port that has the D-Link Wireless AP (DAP-1522) connected to it goes to err-disable state. Actually sometimes even a regular port that has a cisco phone connected may also go to err-disable state (less often). So I have to telnet into the switch and issue shut and no shut command on that interface to get it back to life, then it works for a few days or weeks until it happens again. Any suitable configuraiton for that interface, that would prevent that from happening or a workaround ?
 
Here's the info:
 
Model: cisco WS-C3560-24PS and cisco WS-C3560-48PS
Image:c3560-ipbase-mz.122-35.SE5.bin
 
This is the log from one switch:

31w5d: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/2, putting Fa0/2 in err-disable state
31w5d: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 74e2.f592.f7f2 on port FastEthernet0/2.
31w5d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed  state to down
 
And from another, which is almost the same:

5d10h: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/3, putting Fa0/3 in err-disable state
5d10h: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address d8a2.5e31.2cf6 on port FastEthernet0/3.
5d10h: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to down
5d10h: %LINK-3-UPDOWN: Interface FastEthernet0/3, changed state to down
 
Here's the configuration of fe interfaces (they are all alike):

interface FastEthernet0/2
description Voice & Data Combo Port
switchport access vlan 11
switchport mode access
switchport voice vlan 15

[code]....

View 3 Replies View Related

Cisco Switching/Routing :: How To Set Port Security On 881

Oct 25, 2011

Was wondering how to set port security on the 881. I have all the FE ports shutdown except one and want to limit that port to one specific MAC address. 

View 7 Replies View Related

Cisco Switching/Routing :: Port Security In CE500 Switch?

Sep 8, 2010

configure  port security Cisco 500 Swich ? There is no CLI mode in this switch?

View 2 Replies View Related

Cisco Switching/Routing :: 2960 - Turn Off Port Security

Dec 15, 2009

One of my engineers issued a command to turn off port security on a number of ports using the range command. The command failed on the first attempt due to a tacacs auth failure which I suspect is due to a low tacacs timeout value. The engineer then reduced the number of ports in the range command and re-issued the config change after which the switch just crashed and rebooted.
 
The logging buffer on the switch displays the following:
 
000072: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED: System previously crashed with the following message:
000073: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED: Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(50)SE3, RELEASE SOFTWARE (fc1)
000074: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED: Technical Support: [URL]
000075: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED: Copyright (c) 1986-2009 by Cisco Systems, Inc.
000076: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED: Compiled Wed 22-Jul-09 07:03 by prod_rel_team
000077: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED:
[Code]........
 
I have done some searching and this could be related to bug CSCsq71492. I have tried using the output interpreter but it is still down. 

View 22 Replies View Related

Cisco Switching/Routing :: 2950 Port Security Is Not Working

Feb 23, 2013

I have network consists of more then 20 cisco 2950/2960/3700 switches.  I have configured port security in my switches. initially when i configured on my switches it worked fine....even for copule of months it worked fine. but suddenly it start creating issues and now i am not able to implement port security on switches. the configuration is same but there is no effect now. Same switches were fine but now even having same configuration it is not working. please see the configuration: [code]

View 5 Replies View Related

Cisco Switching/Routing :: 3750 Port-security Will Not Clear

Jun 5, 2012

We have several 3750 stacks across our campus that we are unable to completely clear port security on. We have mac address stick set up on all access ports. When we clear the sticky address on the port, the mac address is removed from the running config like normal, but we keep getting port-security voilations. If port security is taken off the port completely, i.e. no switchport port-security, traffic still doesn't pass the port. Even clear port security across the stack doesn't work. If we try to reload the stack, only the master reboots, and the other switches in the stack lose switch capabilities.

View 1 Replies View Related

Cisco Switching/Routing :: Port Security On Nortel 5520

Jun 6, 2012

I've just completed a port security project at a site on numerous Cisco switches and all works well, however they have 2 Nortel 5520 switches (which I left until the end) which they would like to lock down.  I have logged a message on the Nortel forums and I have heard nothing for days.  I just need to lock 2 ports down to the Mac address of 2 computers stopping any other computer being plugged in. 

View 2 Replies View Related

Cisco Switching/Routing :: 3550 - Port Security Verification

Apr 1, 2013

I'm trying to test port-security in my c3550 but when I show port-security int f0/23 shows it only "Disabled" as below:
 
run
interface FastEthernet0/23switchport access vlan 200switchport mode dynamic desirableswitchport port-security mac-address stickyspanning-tree portfast 

View 2 Replies View Related

Cisco Switching/Routing :: CE500 Switchport Port-security

Apr 19, 2012

I try change the configuration the port in the switch catalyst express 500, i need disable switch port port-security, a try with http://10.1.1.1/exec and save configuration with wr command, if a check the configuration de port is correct but i reboot the switch and check the configuration the port appear the switch port port-security configuration again.

View 3 Replies View Related

Cisco Switching/Routing :: Configured Port Security On 2960 Switches

Feb 18, 2013

I configured port security on my 2960 switches with the following commands: [code]
 
The problem is that when I should change someone's PC, first I disable port-secirity, then I clear all the mac addresses learned on the interface, then I plug the new PC and enable port-security. The new PC couldn't connect to the network and it's mac address has not be learned on the interface. Why?Which commands should I use to clear an old mac address and enable port-security with the new mac address.

View 4 Replies View Related

Cisco Switching/Routing :: 3560 Port Security And Voice Vlan On Newer IOS

May 20, 2010

For many years we've had the following vlan and port security config on our 3560s: [code] This has worked great on 12.2(37)SE1, 12.2(40)SE and 12.2(46)SE. However since 12.2(50)SE, and I've tried all the versions since then, we have a problem with 7900 phones and ATA186s taking upwards of 20 minutes before they can get a valid IP number.The problem on the newer IOSes seems to be related to the inactivity aging.On the older IOS versions the mac address of the voice device appears on the voice vlan straight away.
 
On the newer IOS versions the mac address of the voice device appears on the DATA vlan and seems to be stuck there until the inactivity aging removes it. It then gets re-learned, sometimes on the voice vlan, and sometimes on the data vlan. If you're unlucky and it gets re-learned on the data vlan you've got to wait until the inactivity time ages the address out again. Repeat until the mac address eventually gets learned on the voice vlan. I don't want to be stuck on 12.2(46)SE forever.

View 11 Replies View Related

Cisco Switching/Routing :: Catalyst 3546 XL / Switchport Port-security Command Not Available

Oct 26, 2011

Im trying to follow along documentation i see via train single videos and some online resources. I am trying to enable port security.I have a Catalyst 3546 XL when i type in "rtr1# switchport ?""port-security" is not only of the options to choose from.   I have already set this as an access port.

View 4 Replies View Related

Cisco Switching/Routing :: ME3600X Is Switchport Port-security Mac-address Sticky Available

May 5, 2012

Our customer has a Cisco ME3600X with the IOS me 360x-universalK9-mz.122-52.EY3.They are saying that is not possible to configure the "switchport port-security mac-address sticky" in the interfaces and want to know whether any additional license is needed.As far as I know there isn't any extra license to activate this feature and also I believe the ME3600 switch should have this feature with the universal IOS, isn't that right?

View 1 Replies View Related

Cisco Switching/Routing :: Port Security Dynamic Configuration On Catalyst 3560xPOE

Oct 2, 2012

I have connected a 10BaseT device to a CISCO Catalyst 3560xPOE switch with dynamic port security.  All seems to work fine when the distance between the two devices is closer then 200ft.  When I connect to 10BaseT devices farther out near 300ft the response from the attached device is lost. It works ok on unmanaged switches at the longer distance. Is there a minimum response time from attached devices for dynamic port security to work properly?  Is there any other explanation why it would work on cheaper switches, but not on the Port Secured Switch?

View 2 Replies View Related

Cisco Switching/Routing :: 1941 Port-Security With Router Switch Module

Feb 29, 2012

I have a 1941 that I am going to deploy with a HWIC-D-9ESW switch module (I only need 3 switch ports but need the PoE).  I am going to hang a 1262 autonomous AP off one of the ports but I need to configure MAC address port-security so that only that AP can pass traffic. I know the switch modules are 'almost' exactly like a switch for commands but I can't seem to enable or configure any port-security settings.  Is port-security no available on the switch modules?

View 3 Replies View Related

Cisco Switching/Routing :: Cat 3750 Drops First Frame / Packet With Port Security

Mar 5, 2013

our C3750 like the one described here [URL]
 
We have the port on the switch set like this:
switchport port-security maximum 25
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
 
In case a device connected to the port is inactive for more than 2 minues ( aging time ) the first frame/packet the device generates arrives to the port on the switch, but the switch does not forward it to the appropriate port ( discards it or whatever ).
 
So far I tested on
1 30    WS-C3750E-24PD     15.0(2)SE2            C3750E-IPBASEK9-M       
2 30    WS-C3750E-24PD     15.0(2)SE2            C3750E-IPBASEK9-M       
3 52    WS-C3750G-48PS     15.0(2)SE2            C3750-IPBASEK9-M

[Code].....
 
When we remove port security from the port, it works perfectly fine, as expected.
 
It seems this is not HW or IOS version related. It seems it is not a stack synchronization issue, it does not matter if a device is connected to the first or other stack member. I tested on C3560 too, here there are no problems, so seems it is 3750 related.

View 1 Replies View Related

Cisco Switching/Routing :: 3560 Port Security Triggers With Valid Mac Address During Power On

Feb 28, 2013

I have 2 3560 switches that are running 12.2(25)SEE2. Port security is enabled on some of the ports. Whenever there is a power failure, when power is restored, 1 port on each switch goes to err-disabled. The mac address that causes this is a valid address for that port. Below is the configuration on one of the ports.

View 1 Replies View Related

Cisco Switching/Routing :: 3750 Switches Refuse To Fire The Port-security Violation Traps

Oct 20, 2010

My group has recently started configuring traps on our switches to alert us of issues as they arise vs. waiting for the Helpdesk to receive user complaints and then responding.We have successfully configured the 2950 and 2960 switches to alert us when a port-security violation happens. However, the 3750 switches refuse to fire the port-security violation traps. The 3750's will fire an errdisable trap when the port goes down though.

Here is one of the port configurations:

interface FastEthernet1/0/45
switchport access vlan 5
switchport mode access
switchport port-security
switchport port-security mac-address sticky

[code].....

And here is the output of the port-security debug:

2522070: Oct 21 16:37:04: %LINK-3-UPDOWN: Interface FastEthernet1/0/45, changed state to down
2522089: Oct 21 16:37:05: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa1/0/45, putting Fa1/0/45 in err-disable state
2522100: Oct 21 16:37:05: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0012.3f07.95d3 on port FastEthernet1/0/45.

All of the 3750's are running C3750-IPBASEK9-M, Version 12.2(53) SE2. Wireshark also shows the errdisable traps, but no other traps so I've ruled out the traps being missed. All of the switches have been reloaded and power cycled.

View 3 Replies View Related

Cisco Switching/Routing :: Add SMB SF300 - 24 Switch To Infrastructure

Nov 18, 2012

I am trying to add a Cisco SMB SF300 - 24 Switch to an infrastructure which has only Cisco Catalyst Switches The Core layer is Cisco Cataylst 4503 . Distribution is Cisco Catalyst 3560 and the Access Layer is Cisco 2960 Switches.There about 30 VLANs present in the infrastructure which is advertised to all switches using VTP. Inter VLAN routing is done at the Core Switches by creating Interface VLANs for every L2 VLAN.
 
 1. The new VLAN 150 needs to be created on the new Cisco SMB Switch. If I create a corresponding interface VLAN 150 on the Core Switches , will it route traffic to other VLANs just like it is currently working for Cisco Catayst 2960 Switches ?

2. Upon checking I could see that VTP is not supported on Cisco SMB Switches and I would need to go for GVRP if I need to advertise VLAN information to other Switches. But since GVRP is supported only on CatOS and there is no inter operability between GVRP and VTP , I would need to create VLANs manually on the new Switch . Is that correct ?

View 8 Replies View Related

Cisco Switching/Routing :: Trunk Between SF300 And 3560?

Jan 5, 2012

We have purchased 3 no CISCO SF300-48P (Access Switches) with the interest of setting up a new laboratory consisting of 120 desktops. We currently have a CISCO 4507R   (Core Switch) and a CISCO 3560 (Distribution Switch) for the campus wide network. Our network is developed with various VLANS to support Internet and Intranet facilities. The new lab need to be incorporated in to the Campus wide network with a new VLAN ID. But problem is while trunking the CISCO 3560 (Distribution switch) to the CISCO SF300-48P (Access Switch) communication does not happen. While, surfing the internet and various doc's say that SF300 uses GVRP instead of dot1q trunking.

View 4 Replies View Related

Cisco Switching/Routing :: Sf300 - Vlan Bandwidth Management?

Oct 20, 2012

i have a small network with Polycom phones connected to the sf300 switch and have the pc's daisy chained via the second switch port on each phone. i have the pc traffic running on the default vlan 1 and the voice traffic running on the voice vlan 100. can i do bandwidth management on a vlan/port basis or is that not necessary. i want to ensure that the voice traffic is never impacted by the pc traffic on the same cable.

View 2 Replies View Related

Cisco Switching/Routing :: SF300-24p / Access Internet On VLANs

Mar 16, 2013

i have one SF300-24p switch where i setup some Vlans and echolife hg8245 ONT router to access internet. the diagram is the following
 
VLAN1 (Subnet of users) -----> Switch SF300-24p 
VLAN2 (Subnet of users) -----> Switch SF300-24p 
VLAN3 (HG8245)  -----> Switch SF300-24p
 VLAN4 (Servers) -----> Switch SF300-24p 
 
i want to control access to internet on VLAN1 and VLAN2 (access on VLAN3), while providing access to VLAN4.My problem is in connecting to internet, i can't find a way to "route back traffic to VLANs 1 and 2 since HG8245 don't seem to provide proper static routing ON LAN interface. Maybe without resorting to changing the HG8245 router ?

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved