port security duplicate mac address

kcornally
Level 1

Hi lads,

We are using port security with a maximum of 10 mac-addresses specified. We are also using the sticky feature to aid the configuration. Everything is on one vlan in the organisation. Here's the problem: when we take a laptop from a port in a different department up to the I.T department and plug it into one of our ports, it doesn't work. The new port doesn't go into an err-disable state, and if we try to specify the mac address on the new port we get "Mac address already exists". The mac-add is under the old port; when we remove the entry from the old port it works. Any ideas? 3750 stack running 12.2(25) SEB4.

Thanks in advance.

Kevin

9 Replies

cisco_lad2004
Level 5

Kevin

Check the config of the 1st switch and check if the mac address has been added to it. this is what "port-security mac-address sticky" and if it is the case, of course you will have a duplicate mac-address.

to remove it, use "no switchport port-security mac-address mac-address" this should clear your issue.

HTH

Sam

Edison Ortiz
Hall of Fame

hi lads

thanks for the replies.

Yes, I have specified a time and action, but the mac address stays under the original port, but when I do a sh mac-address table xxxxx.xxxx.xxxx the mac address is no longer mapped to any port. The new port still passes no traffic.

Here is the configuration. As you can see, the time and aging action have been specified but it doesn't work. Is there something we are missing here, or is this a possible issue with the cam table and aging mac addresses timer on the interface?

Any ideas would be great....

interface FastEthernet4/0/27
 switchport mode access
 switchport port-security
 switchport port-security maximum 10
 switchport port-security aging time 6
 switchport port-security aging type inactivity
 switchport port-security mac-address sticky
 switchport port-security aging static
 switchport port-security mac-address sticky 000b.cdf7.2748
 switchport port-security mac-address sticky 0012.79be.d781
 switchport port-security mac-address sticky 0015.60bb.a189
 switchport port-security mac-address sticky 00b0.d018.0034
 switchport port-security mac-address sticky 00c0.9f76.7e83
 switchport port-security mac-address sticky 00c0.9f76.7ea5
 spanning-tree portfast
 spanning-tree bpduguard enable

Also, I noticed that the remaining time in the age column under the show port-security is set to a - sign. It should give a relevant number as time decreases; instead it's stuck at - .

Again any idea would be great.

Do you shut down the laptop before taking it to a new port at the other location?

Thanks for all the posts lads,

I believe I've figured it out: you don't appear to be able to use the sticky command under the interface and also the aging-time.

When the sticky command is removed the timeout works fine. Although you can type in both commands, the timeout will never work because the sticky command copies the mac address to the config.

Ah, so one of the mac-addresses listed above was the laptop's? Well, yeah, you are statically associating that mac-address to the port.

use "no switchport port-security mac-address mac-address" this should clear your issue.

once u have removed ur PC, use the above then recheck if mac address is still part of the config... it should not be there anymore, which means no duplication.
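
An added example, not part of the thread or any poster's code: a Python script that reads a saved running-config and reports which port holds a given MAC as a sticky entry, and which ports have an aging time configured alongside sticky entries (the combination the thread found never ages out). The second interface and all function names are assumptions made for illustration.

```python
import re

# Constructed sample: first port modelled on the config posted in the thread,
# second port (FastEthernet1/0/5) is hypothetical.
SAMPLE_CONFIG = """\
interface FastEthernet4/0/27
 switchport mode access
 switchport port-security
 switchport port-security maximum 10
 switchport port-security aging time 6
 switchport port-security aging type inactivity
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 000b.cdf7.2748
 switchport port-security mac-address sticky 0012.79be.d781
!
interface FastEthernet1/0/5
 switchport port-security
 switchport port-security maximum 10
 switchport port-security mac-address sticky
!
"""

STICKY_RE = re.compile(
    r"switchport port-security mac-address sticky ((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})", re.I)
AGING_RE = re.compile(r"switchport port-security aging time (\d+)")

def parse_port_security(config):
    """Return {interface: {"sticky": [macs], "aging": minutes or None}}."""
    ports, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            ports[current] = {"sticky": [], "aging": None}
        elif current and line.startswith(" "):
            text = line.strip()
            if m := STICKY_RE.fullmatch(text):
                ports[current]["sticky"].append(m.group(1).lower())
            elif m := AGING_RE.fullmatch(text):
                ports[current]["aging"] = int(m.group(1))
        elif line.strip():
            current = None  # "!" or a global command ends the interface block
    return ports

def ports_holding(ports, mac):
    # Ports where the MAC is saved as a sticky entry and must be removed first.
    return [name for name, p in ports.items() if mac.lower() in p["sticky"]]

def aging_ineffective(ports):
    # Ports with an aging timer set although sticky entries are saved in the config.
    return [name for name, p in ports.items() if p["aging"] is not None and p["sticky"]]
```

Running `ports_holding` before moving a laptop shows which old port still pins its MAC, and `aging_ineffective` lists the ports where the configured timer will not release those entries.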
