Why does traffic stop passing after port security is configured

Question
Why does the switch no longer pass network traffic after port_security is configured?
Environment
  • 800 Series
  • All firmware versions
Answer
This is caused by an error in the port_security configuration: the switch is told to allow fewer MAC addresses globally than are expected at the port level. The default system max is "no_limit".

If the value of the "system max_learning_addr" (1) is lower than the value of the "max_learning_addr" (5) at the port level, network traffic may no longer be forwarded, as in this configuration:
config port_security system max_learning_addr 1
config port_security ports 1-48 admin_state disable max_learning_addr 5 lock_address_mode deleteontimeout

Correct configuration example:
 
config port_security system max_learning_addr no_limit
config port_security ports 1-48 admin_state enable max_learning_addr 5 lock_address_mode deleteontimeout





 
Additional notes
If you wish to configure a fixed number of allowed MAC addresses globally, you need to calculate all the expected MAC addresses on that switch and make sure the system max is a higher value than that on the port level.
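
An offline check for the condition described above, as an added example (not vendor code): it parses a saved configuration and lists the ports whose max_learning_addr exceeds the system max_learning_addr. The function names and the comma-separated port list syntax are assumptions, and stacked-unit port notation is not handled.

```python
import re

# Constructed samples: the two configurations shown in the article.
BAD_CONFIG = """\
config port_security system max_learning_addr 1
config port_security ports 1-48 admin_state disable max_learning_addr 5 lock_address_mode deleteontimeout
"""
GOOD_CONFIG = """\
config port_security system max_learning_addr no_limit
config port_security ports 1-48 admin_state enable max_learning_addr 5 lock_address_mode deleteontimeout
"""

SYSTEM_RE = re.compile(r"^config port_security system max_learning_addr (\S+)")
PORTS_RE = re.compile(r"^config port_security ports (\S+) .*?\bmax_learning_addr (\d+)")


def expand_ports(spec):
    """Expand a port list such as '1-4,7' (assumed syntax) into port numbers."""
    ports = []
    for part in spec.split(","):
        low, _, high = part.partition("-")
        ports.extend(range(int(low), int(high or low) + 1))
    return ports


def check_port_security(config_text):
    """Compare the system-wide MAC limit with every per-port limit."""
    system_max = None  # None stands for no_limit, the default
    limits = {}        # port number -> max_learning_addr
    for line in config_text.splitlines():
        line = line.strip()
        if m := SYSTEM_RE.match(line):
            system_max = None if m.group(1) == "no_limit" else int(m.group(1))
        elif m := PORTS_RE.match(line):
            for port in expand_ports(m.group(1)):
                limits[port] = int(m.group(2))
    conflicts = []
    if system_max is not None:
        # Flag the case the article names: system max lower than the port value.
        conflicts = sorted(p for p, n in limits.items() if n > system_max)
    return {
        "system_max": system_max,
        "port_limit_total": sum(limits.values()),
        "conflicting_ports": conflicts,
    }


if __name__ == "__main__":
    for name, text in (("problem", BAD_CONFIG), ("correct", GOOD_CONFIG)):
        print(name, check_port_security(text))
```

The port_limit_total value is the sum of the per-port limits, which gives a starting figure when choosing a numeric system max instead of no_limit.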

Please refer to the configuration guide for additional details.

In addition, you can use this command to log traps for port_security:
enable port_security trap_log
