It might be easier if the interface could recover itself after a certain time. To get the interface out of err-disable state you need to type “shutdown” followed by “no shutdown”. This probably means another call to the helpdesk and you bringing the interface back to the land of the living! Let’s activate it again: Switch(config)# interface fa0/1 Shutting the interface after a security violation is a good idea (security-wise) but the problem is that the interface will stay in err-disable state. Switch# show interfaces fa0/1įastEthernet0/1 is down, line protocol is down (err-disabled)
#Cisco mac address range mac#
You can see the violation mode is shutdown and that the last violation was caused by MAC address 0e.5023 (H1). Use show port-security interface to see the port security details per interface. Here is a useful command to check your port security configuration. Last Source Address:Vlan : 0e.5023:1Security Violation Count : 1 Our database comes in the following forms: JSON, CSV, XML, Cisco vendorMacs.xml for maximum compatibility and fast integration into existing systems.
#Cisco mac address range download#
Let’s take a closer look at port-security: Switch# show port-security interface fa0/1 Download an exhaustive MAC Address Vendor Database for your educational, business or enterprise needs. We have a security violation and as a result the port goes in err-disable state. %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0e.5023 on port FastEthernet0/1. Unicast MAC address represents a specific NIC or onboard NIC ports in the network. There are three types of MAC address unicast, multicast, and broadcast. Thus, this procedure ensures that no two NICs use the same MAC address in the universe. %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/1, putting Fa0/1 in err-disable state It also shows MAC addresses of 5 NICs from each company. I’m pinging to some bogus IP address…there is nothing that has IP address 1.2.3.4 I just want to generate some traffic. Now we’ll generate some traffic to cause a violation: C:\Documents and Settings\H1> ping 1.2.3.4 Use the switchport port-security mac-address command to define the MAC address that you want to allow. Switch(config-if)# switchport port-security mac-address