Header Only - DO NOT REMOVE - Extreme Networks

port security


I have several x250e switches, recently i applied port security on them and i excluded some ports from it, i have been facing some issues and i need help, some PC's which i applied the port security on them on specific ports refuse to take an ip address when i connect them to another port "to a port that i didn't apply port security on it"

5 replies

Userlevel 7
Cool story but not a lot to work with.

Post the port config of both ports in the example and the software version of the switch.

Did you do any troubleshooting because I don't see anything related in the post.
I did a restart to the PC it didn't work.

I tried to apply release and renew commands to force the PC to have a new IP on the port"the port with no port security" it didn't work (the PC is working normally when i return it back to it's original port)

i tried to put another PC "that i already know that it's MAC address is not locked on any other port" on this port and it got an IP from this port.

The only solution that works is to unlock the port that have the port security for this PC

ExtremeXOS version 12.3.4.12 v1234b12

The configuration that we have on the ports are just :
-configuring a vlan and assign the ports to it
-configure port "the port number "vlan" the name of the vlan" lock-learning
Userlevel 7
function as designed....

I've configured it on port#6 and then removed the device from #6 and connected it to #7 (no lock-learning)

As lock-learning was enabled on #6 the MAC of the device is stored as static in the FDB - because static has a higher prio then dynamic the dynamic learned MAC on #7 is stored in the FDB.

the device was connected on #7 but as you'd see the MAC is still on #6 even the port is down.

Thank you Ronald Dvorak ,

I just want to ask you another question , are all Extreme switches act like that ?

Because i tried to put PC "with locked MAC address on a port" on another switch and i faced the same issue, and at least how should i know the port number that this PC MAC address is locked on or just unlock-learning this MAC without knowing the port number.
Userlevel 2
use this command:

show conf fdb

Reply