
Port security saving learned MAC address, port security doesn't work its function

muhammad_akid_b
New Contributor II

I enable port security on ports; after I connect a PC, the switch learns the MAC address. I set violation shutdown, swap the port interface to another PC, and it doesn't shut down.

Am I missing something?

5 REPLIES

MariaC862
Moderator

Hello!

Can you please indicate the software version and share the config set on the port?

This info will help me understand why the switch is not behaving as expected. Thanks!

muhammad_akid_b
New Contributor II

ICX7150-24 Switch(config-port-security-mif-1/1/1-1/1/2)# sh ru int
interface ethernet 1/1/1
port security
enable
violation shutdown
age 1440 absolute
secure-mac-address xxxx.xxxx.xxxx 1
!
interface ethernet 1/1/2
port security
enable
violation shutdown
age 1440 absolute
secure-mac-address yyyy.yyyy.yyyy 1
!
ICX7150-24 Switch(config-port-security-mif-1/1/1-1/1/2)# sh ru int
interface Interface running-config section
ICX7150-24 Switch(config-port-security-mif-1/1/1-1/1/2)# sh ru interface
interface ethernet 1/1/1
port security
enable
violation shutdown
age 1440 absolute
secure-mac-address yyyy.yyyy.yyyy 1
!
interface ethernet 1/1/2
port security
enable
violation shutdown
age 1440 absolute
secure-mac-address xxxx.xxxx.xxxx 1

 

Copyright (c) Ruckus Networks, Inc. All rights reserved.
UNIT 1: compiled on Dec 16 2021 at 03:40:25 labeled as SPS08095f
(31457280 bytes) from Primary SPS08095f.bin (UFI)
SW: Version 08.0.95fT211
Compressed Primary Boot Code size = 786944, Version:10.1.21T225 (mnz10121)
Compiled on Wed Aug 25 06:27:49 2021

HW: Stackable ICX7150-24
==========================================================================
UNIT 1: SL 1: ICX7150-24-4X1G 24-port Management Module
Serial #:FEG3232T245
Software Package: BASE_SOFT_PACKAGE
Current License: 4X1G
P-ASIC 0: type B160, rev 11 Chip BCM56160_B0
==========================================================================
UNIT 1: SL 2: ICX7150-2X1GC 2-port 2G Module
==========================================================================
UNIT 1: SL 3: ICX7150-4X10GF 4-port 40G Module
==========================================================================
1000 MHz ARM processor ARMv7 88 MHz bus
8 MB boot flash memory
2 GB code flash memory
1 GB DRAM
STACKID 1 system uptime is 17 minute(s) 8 second(s)
The system started at 03:40:47 GMT+00 Thu Dec 16 2021

 

 

It learned the MAC address, I swapped ports.
Still not even shut down.
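
A check for the symptom visible in the two captures above, as an added example that is not part of the original post or Ruckus's own code: it parses `sh ru interface` text and reports secure MAC entries that are listed under a different port in the later capture. The function names and the constructed sample (built from the post's placeholder MACs) are assumptions.

```python
import re

def parse_port_security(text):
    """Map port -> port-security settings found in 'sh ru interface' text."""
    ports, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()  # indentation is often lost when output is pasted
        m = re.match(r"interface ethernet (\S+)$", line)
        if m:
            cur = ports.setdefault(m.group(1), {"psec": False, "enabled": False,
                                                "violation": None, "age": None, "macs": set()})
        elif line == "!":
            cur = None  # end of the interface stanza
        elif cur is None:
            continue  # prompts, help text, banner lines
        elif line == "port security":
            cur["psec"] = True
        elif cur["psec"] and line == "enable":
            cur["enabled"] = True
        elif cur["psec"] and line.startswith(("violation ", "age ")):
            key, value = line.split(None, 1)
            cur[key] = value
        elif cur["psec"] and line.startswith("secure-mac-address "):
            cur["macs"].add(line.split()[1])  # placeholder MACs are accepted as-is
    return ports

def moved_bindings(before, after):
    """Return (mac, old_port, new_port) for secure MACs listed under a different port."""
    old = {mac: port for port, cfg in parse_port_security(before).items() for mac in cfg["macs"]}
    moves = []
    for port, cfg in sorted(parse_port_security(after).items()):
        for mac in sorted(cfg["macs"]):
            if mac in old and old[mac] != port:
                moves.append((mac, old[mac], port))
    return moves

def sample(mac_port1, mac_port2):
    """Constructed capture in the shape posted above (placeholder MACs kept)."""
    stanza = ("interface ethernet {p}\n port security\n  enable\n  violation shutdown\n"
              "  age 1440 absolute\n  secure-mac-address {m} 1\n!\n")
    return stanza.format(p="1/1/1", m=mac_port1) + stanza.format(p="1/1/2", m=mac_port2)

if __name__ == "__main__":
    before = sample("xxxx.xxxx.xxxx", "yyyy.yyyy.yyyy")
    after = sample("yyyy.yyyy.yyyy", "xxxx.xxxx.xxxx")
    for mac, old_port, new_port in moved_bindings(before, after):
        print(f"{mac}: was secured on {old_port}, now listed on {new_port}")
```
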

Hello,

Thank you for your patience. The configuration appears correct. To clarify how port security violation shutdown works:

If port security is configured with the violation action set to "shutdown," the switch port will shut down if a security violation occurs. For example, if port 1 is configured to allow only a specific MAC address (say MAC 1), and you connect a different device (e.g., Computer 5) to port 1, the port will be shut down because the new MAC address does not match the allowed MAC address.

To address your concern, if you connect Computer 1 to port 2, port 2 will only shut down if it has already learned a different MAC address than the one currently being used by Computer 1. In other words, port 2 will shut down if Computer 1's MAC address is not on the list of allowed MAC addresses for that port, but this will not affect port 1.

In summary, a port will shut down only if a violation occurs on that specific port, not on other ports, unless those other ports also experience a security violation based on their own configuration.

I hope that is helpful, thanks!

So if I set the MAC max to 1, will it shut down?