2 NIC teaming and port security issue

Unanswered Question
Sep 12th, 2008

we have server with 2 NICs connect to differrent switches (CAT6), server using HP build-in software to run network teaming. and we also configured port security on the switch port and only allow 1 mac address.

I also checked the server teaming configuration, 2 NICs original mac adress are :AAAAAAAAAAAA and BBBBBBBBBB, after binding to teaming, the virtual MAC address is BBBBBBBBBBBBB.

it was working properly at first, until I plug out one connection, which happen to be the active connection, the server got disconnected form the network, and the switch returned me the error msg:"

%PORT_SECURITY-SP-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address AAAAAAAAAAAA on port GigabitEthernet3/20."

when i checked the mac address table using command "show mac-address-table interface gX/XX", gX/XX is the port connect to the NIC with MAC AAAAAAAAAAAA. I got 2 record, one is static and ther other is dynamic:

* 90 AAAAAAAAAAAA static Yes - Gi3/20

* 90 BBBBBBBBBBBB dynamic Yes 45 Gi3/20

i did not configure any "static" mac on the switch, and how come there is static mac address in the record? If I can remove that static record, we can slove that issue. I have checked the cisco web site and foum topic, some posts also raised the same issue but no solution yet.

I also post my port configuration for your infomation:

interface GigabitEthernet3/20


switchport access vlan 900

switchport mode access

switchport port-security

switchport port-security violation restrict

no ip address

spanning-tree portfast


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Sebastian Helmer Fri, 09/12/2008 - 22:22

I think your config is not right for this situation.

Default port-security allows only 1 MAC and like you see after a error of one NIC the mac change.

Or your problem is "restrict" because you need to remove a sufficient number of secure MAC addresses to drop below the maximum value.

So recommend you to add this:

"switchport port-security maximum 2"

For more information see:



PS: I prefer to diable cdp on server ports..

shibindong Sat, 09/13/2008 - 06:28

thanks for your reply, I think you are still not clear about my problem:

of course i can solve the problem by setting the maximum number of MAC addresses to 2, but i don't think it is the good way. Because I saw there are 2 MAC addresses entries in the switch: 1 is static and 1 is dynsmic, if i can remove the static MAC entry, problem can be sloved.

But i don't know why there is a static entry and how to remove it.

Ryan Carretta Sun, 09/14/2008 - 00:06


Port-security installs its entries into the CAM table as static entries. The AAAAAAAAAAAA entry you see as static is likely the secure address.

Try using the 'show port-security' commands to check out the secure address(es) on the interface.


shibindong Sun, 09/14/2008 - 18:09

thanks for your reply, that's what i wanted. So does that means, there is no way to implement port security maximum 1 and NICs teaming together?


This Discussion