Port Security Reset
Port security marries a device (by it's mac address) to a switch port, so that moving or changing a device will often disable the port. Use the following to reset device/port association(s):
- Get Mac address of phone and verify it's built correctly in CUCM
- Log into ERS/TR/closet-switch in question
- Turn on monitoring (
term monfrom ers prompt) - Get status of the port the phone is connected to.
Note: if you do not know the port info, log into the distribution switch and look up the mac address. The command is:
show mac address-table address xxxx.xxxx.xxxx (the mac you are looking for), then log into the ERS indicated by this search.
- Once you have found the proper ERS/IP Phone port location, stat the port (
show run int gi1/0/xx) to see the status - Do a
show mac address-table address xxxx.xxxx.xxxxcommand of the mac to see what ports on the ERS are associated with this address? - If multiple locations are shown, each port will have to be cleared by doing the following:
Log into the port:
shut shut down the port no switch port disable port security no switch port mac sticky forget the associated mac
Then:
no shut enables the port switch Port enables port security switch port mac sticky learn the connected device mac
- Then check the mac address:
show mac address-table address xxxx.xxxx.xxxx - Verify that the port was cleared - if not, then this port is the actual port the phone is connected to, the remaining ports assigned to that mac will need to be cleared as well. In the end, 1 mac address should be associated with 1 port on the ers.
- Once all is cleared and correct, you must
wr(orcopy run start) the ers so the data will be saved... - Turn off Term Mon (
no term mon)
You can find port security violations with: switchport port-security violation shutdown.