This article explains some of the default port security settings on the Cisco Business 250 and 350 switches. If you have a device on your network that is not receiving an IP address, you can view and change the settings to see if it corrects the issue.
It is important to run the latest version of the upgrade-firmware-if-needed when a new release comes out. In spring of 2021, version 3.1 for CBS 250 and 350 switches was released, changing the Port Security default behavior. These changes were made to improve endpoint security.
In earlier versions of the software, if you configured a port as locked, you would see the device that was attached to that locked port as a static Media Access Control (MAC) address. When you moved the device, the static MAC address was removed by default. That MAC address would be able to receive a DHCP address.
From version 3.1 moving forward, once a device has been locked and labeled as a static MAC address on a specific port, it will only be able to receive an IP address on that port. If you move the device to another port it will not be able to receive an IP address.
Long story short, if you lock a port with a MAC address attached to that port, and you move that device to another port, you need to unlock that port to release that MAC address.
Navigate to Security > Port Security.
Look over the Interface Status of each port. This example shows the Interface Status as Locked.
Navigate to MAC Address Tables > Static Addresses.
You will see the MAC address of the device that you had assigned to the port.
To view the MAC addresses that are receiving a DHCP IP address, navigate to MAC Address Tables > Dynamic Addresses.
The MAC addresses of devices listed are able to receive a DHCP IP address. Notice that the MAC address of the device is not listed. The MAC address, 10:f9:20:12:86:ce is not able to receive a DHCP IP address.
Navigate to Security > Port Security.
Click on an Interface and click the edit icon.
If you want to unlock the port, uncheck the Lock radio button. Click Apply.
The Interface Status should now show as unlocked.
Navigate to MAC Address Tables > Static Addresses.
The MAC address is no longer listed on the Static Address Table.
Navigate to MAC Address Tables > Dynamic Addresses.
The MAC addresses of devices listed are able to receive a DHCP IP address. Notice that the MAC address of the device is now listed on this page. This shows that the MAC address is now able to receive an IP address.
Click the save icon to permanently save the configuration.
That’s it! Your device should be able to receive a DHCP IP address.
Looking for more articles on your CBS250 or CBS350 switch? Check out any of the links below for more information!
Revision | Publish Date | Comments |
---|---|---|
1.0 |
12-May-2021 |
Initial Release |