1 Reply Latest reply: Dec 4, 2019 10:17 PM by Martin RSS

    Port security in VIRL

    Randy

      I have a lab in VIRL to test out port security, but I do not appear to be getting a violation.  This is causing me to question my understanding of port security.  As you can see via my config below, I have a server connected to port 0/3 with a MAC of "fa16.3e58.d3b4".  I then created a false entry in the port-security config for MAC "fa16.3e58.d3b5". My understanding is that this should only allow the single MAC address of "fa16.3e58.d3b5, and anything else would be a violation.  Therefore, I expect this to be a violation.  Is that not the case?  I also noticed that this specific feature isn't documented as supported on the IOSvL2.

       

      iosvl2-1#sho port-security interface gigabitEthernet 0/3

      Port Security              : Enabled

      Port Status                : Secure-up

      Violation Mode             : Shutdown

      Aging Time                 : 0 mins

      Aging Type                 : Absolute

      SecureStatic Address Aging : Disabled

      Maximum MAC Addresses      : 1

      Total MAC Addresses        : 1

      Configured MAC Addresses   : 1

      Sticky MAC Addresses       : 0

      Last Source Address:Vlan   : fa16.3e58.d3b4:2

      Security Violation Count   : 0

       

      !

       

      interface GigabitEthernet0/3

      description to server-1

      switchport access vlan 2

      switchport mode access

      switchport port-security mac-address fa16.3e58.d3b5

      switchport port-security

      media-type rj45

      negotiation auto

      end

       

      !

       

      iosvl2-1#sho port-security address

                     Secure Mac Address Table

      -----------------------------------------------------------------------------

      Vlan    Mac Address       Type                          Ports   Remaining Age

                                                                         (mins)   

      ----    -----------       ----                          -----   -------------

         2    fa16.3e58.d3b4    SecureDynamic                 Gi0/3        -

         2    fa16.3e58.d3b5    SecureConfigured              Gi0/3        -

       

      !

       

      iosvl2-1#sho mac address-table                                     

                Mac Address Table

      -------------------------------------------

       

       

      Vlan    Mac Address       Type        Ports

      ----    -----------       --------    -----

         2    fa16.3e58.d3b4    STATIC      Gi0/3

         2    fa16.3e58.d3b5    STATIC      Gi0/3