06-12-2007 07:33 AM - edited 03-03-2019 05:24 PM
Hi lads,
We are using port security with a maximum of 10 MAC addresses specified. We are also using the sticky feature to aid the configuration. Everything is on one VLAN in the organisation. Here's the problem: when we take a laptop from a port in a different department up to the I.T. department and plug it into one of our ports, it doesn't work. The new port doesn't go into an err-disable state, and if we try to specify the MAC address on the new port we get "Mac address already exists". The MAC address is under the old port; when we remove the entry from the old port it works. Any ideas? 3750 stack running 12.2(25) SEB4.
Thanks in advance.
Kevin
06-12-2007 12:01 PM
Kevin
Check the config of the 1st switch and check if the MAC address has been added to it. This is what "port-security mac-address sticky" does, and if it is the case, of course you will have a duplicate MAC address.
To remove it, use "no switchport port-security mac-address mac-address"; this should clear your issue.
HTH
Sam
06-12-2007 12:10 PM
Have you tweaked the aging setting?
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/12225see/cr/cli3.htm#wp1948525
06-13-2007 03:24 AM
Hi lads,
Thanks for the replies.
Yes, I have specified a time and action, but the MAC address stays under the original port, but when I do a sh mac-address table xxxxx.xxxx.xxxx the MAC address is no longer mapped to any port. The new port still passes no traffic.
06-13-2007 04:26 AM
Here is the configuration. As you can see, the time and aging action have been specified but it doesn't work. Is there something we are missing here, or is this a possible issue with the CAM table and the aging MAC addresses timer on the interface?
Any ideas would be great....
interface FastEthernet4/0/27
 switchport mode access
 switchport port-security
 switchport port-security maximum 10
 switchport port-security aging time 6
 switchport port-security aging type inactivity
 switchport port-security mac-address sticky
 switchport port-security aging static
 switchport port-security mac-address sticky 000b.cdf7.2748
 switchport port-security mac-address sticky 0012.79be.d781
 switchport port-security mac-address sticky 0015.60bb.a189
 switchport port-security mac-address sticky 00b0.d018.0034
 switchport port-security mac-address sticky 00c0.9f76.7e83
 switchport port-security mac-address sticky 00c0.9f76.7ea5
 spanning-tree portfast
 spanning-tree bpduguard enable
06-13-2007 05:33 AM
Also, I noticed that the remaining time in the age column under show port-security is set to a - sign; it should give a relevant number as time decreases, instead it's stuck at -.
Again, any ideas would be great.
06-13-2007 05:39 AM
Do you shut down the laptop before taking it to a new port at the other location?
06-13-2007 05:52 AM
Thanks for all the posts, lads.
I believe I've figured it out: you don't appear to be able to use the sticky command under the interface and also the aging time.
When the sticky command is removed the timeout works fine. Although you can type in both commands, the timeout will never work because the sticky command copies the MAC address to the config.
06-13-2007 06:02 AM
Ah, so one of the MAC addresses listed above was the laptop's? Well, yeah, you are statically associating that MAC address to the port.
06-13-2007 07:58 AM
Use "no switchport port-security mac-address mac-address"; this should clear your issue.
Once you have removed your PC, use the above, then recheck if the MAC address is still part of the config... it should not be there anymore, which means no duplication.
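
Added example, not part of the original thread: a Python sketch that audits a saved running-config for the situation the thread arrives at, flagging interfaces where an aging time is configured alongside sticky learning and reporting which port still holds a given MAC as a saved sticky entry. The sample config is constructed (the first interface is trimmed from the one posted above, the second is made up), and the function names are hypothetical.

```python
import re

# Constructed sample: the first interface is trimmed from the config posted in
# the thread; the second interface is made up for contrast.
SAMPLE_CONFIG = """\
interface FastEthernet4/0/27
 switchport port-security
 switchport port-security maximum 10
 switchport port-security aging time 6
 switchport port-security aging type inactivity
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 000b.cdf7.2748
 switchport port-security mac-address sticky 0012.79be.d781
!
interface FastEthernet1/0/5
 switchport port-security
 switchport port-security aging time 6
!
"""

PREFIX = "switchport port-security "
MAC_RE = re.compile(r"mac-address sticky ([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})", re.I)
AGING_RE = re.compile(r"aging time (\d+)")

def norm(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def parse_port_security(config):
    """Map interface name -> {'sticky': bool, 'aging': int or None, 'macs': set}."""
    ports, cur = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            cur = ports.setdefault(raw.split(None, 1)[1].strip(),
                                   {"sticky": False, "aging": None, "macs": set()})
        elif not raw.startswith(" "):
            cur = None                      # left the interface block
        elif cur is not None and raw.strip().startswith(PREFIX):
            opt = raw.strip()[len(PREFIX):]
            if opt == "mac-address sticky":
                cur["sticky"] = True
            elif (m := MAC_RE.fullmatch(opt)):
                cur["macs"].add(norm(m.group(1)))   # saved sticky entry
            elif (m := AGING_RE.fullmatch(opt)):
                cur["aging"] = int(m.group(1))
    return ports

def aging_ineffective(ports):
    """Interfaces where an aging time is set but sticky learning is also on."""
    return sorted(n for n, p in ports.items() if p["sticky"] and p["aging"] is not None)

def pinned_on(ports, mac):
    """Interfaces whose saved sticky entries include this MAC."""
    return sorted(n for n, p in ports.items() if norm(mac) in p["macs"])
```

Running `pinned_on` for a laptop's MAC before moving it shows which port's sticky entry has to be removed first.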