Found duplicate mac-address error - NOT on more than 1 port problem

Unanswered Question
May 12th, 2010

Hi,

I've run in to this on 3750G's in a various sized stacks. We apply port security for a mac address on a single port (not existing on more than one port - that's  a different issue that appears in multiple posts already).

In this case:

1) We do a 'sho mac address-table and see that the device with the mac address in question lives on one port, port 1/0/x.

2) We apply mac port security for this exact same mac address to the same port it is already attached to.

switch(config)#int g2/0/2

switch(config-if)#switchport  port-security mac-address 001a.1ec8.abcd

3) Get this error: 'Found duplicate mac-address 001a.1ec8.abcd'

We again confirm that that is the only port on the entire switch that has this mac-address.

Try the command again, same error.

4) We do a bunch of show commands, get in and out of the switch, go back and then try it again, and now it works, same command, same port and same mac address.

...Aging is default 300

...These are Cisco wireless AP's attached to the switch

...This occurs on different switches with different ports using different mac addresses, always same symptoms.

Before I did in to a long drawn out isolation effort, anybody seen this before?

Thanks,

m.

I have this problem too.
1 vote
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Ganesh Hariharan Wed, 05/12/2010 - 23:17

Hi,

I've run in to this on 3750G's in a various sized stacks. We apply port security for a mac address on a single port (not existing on more than one port - that's  a different issue that appears in multiple posts already).

In this case:

1) We do a 'sho mac address-table and see that the device with the mac address in question lives on one port, port 1/0/x.

2) We apply mac port security for this exact same mac address to the same port it is already attached to.

switch(config)#int g2/0/2

switch(config-if)#switchport  port-security mac-address 001a.1ec8.abcd

3) Get this error: 'Found duplicate mac-address 001a.1ec8.abcd'

We again confirm that that is the only port on the entire switch that has this mac-address.

Try the command again, same error.

4) We do a bunch of show commands, get in and out of the switch, go back and then try it again, and now it works, same command, same port and same mac address.

...Aging is default 300

...These are Cisco wireless AP's attached to the switch

...This occurs on different switches with different ports using different mac addresses, always same symptoms.

Before I did in to a long drawn out isolation effort, anybody seen this before?

Thanks,

m.

Can you paste the show run int gi2/0/2 output, Is there any switchport security commands is configured on this port..

Ganesh.H

mprescher Thu, 05/13/2010 - 08:37

Genesh,

switch#sh mac address-table address  001a.1ec8.5676
           Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  160    001a.1ec8.5676    STATIC      Gi1/0/29
Total Mac Addresses for this criterion: 1


switch#sh run int g1/0/29
Building configuration...

Current configuration : 218 bytes
!
interface GigabitEthernet1/0/29
  description 01-01F-159S-BP29
  switchport access vlan 160
  switchport mode access
  switchport port-security
  switchport port-security violation restrict
  no snmp trap link-status
end

It doesn't seem to make any difference whether you enter the mac  addresss statement first or last, before the other port-security statements... the error will still occur. Further investigation finds that if you bouce the port, the error goes away. Right now that's part of the config change procedure work around. A bit clunky...and, traffic distruptive.

Thanks in advance for any ideas.

m.

mprescher Thu, 05/13/2010 - 09:26

Workaround or Solution:

We've now found through more testing that in fact, if other port-security lines are not present and the mac-address line is added first, in every case it is taking the command line without the duplicate error.

However, I still don't understand why a duplicate MAC message would appear, no matter the order of port-security command execution on the same port????

Thanks,

m.

MarcusCooper2 Wed, 02/15/2012 - 17:23

Hi there,

I was having similiar problem with switch 2960. The thing was I was using sticky address assignment not static, anyways when i tried to change the way MAC address is bound to the port (from sticky to static) I had the same error.

My "solution" was do the process with port-security again. So in my case first of all no switch port-security mac-address sticky and after that even no switch port-security.

So at the end of the day, up high !

ebarticel Wed, 02/15/2012 - 17:39

I think it has to do with port security defaults. By default is one secure mac per port, aging is disabled, and since the switch has the mac address already in the table when you try to confirm the same mac you get the duplicate errror.

Hope this helps

Eugen

tranminhc Fri, 03/01/2013 - 01:09

Hi,

You get this error when one computer (A) pluged in a secure port in the past, and its mac has attached already to this port, after that you pluged in  the PC to another secure port, and simultaneously aging feature was disabled. Therefore Admin must manually clear that mac config in the past.  Use the command show port-security address to check

which the interface the mac attached in the past.

Hope this help

Actions

This Discussion