cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
34063
Views
40
Helpful
8
Replies

Found duplicate mac-address error - NOT on more than 1 port problem

mprescher
Level 1
Level 1

Hi,

I've run in to this on 3750G's in a various sized stacks. We apply port security for a mac address on a single port (not existing on more than one port - that's  a different issue that appears in multiple posts already).

In this case:

1) We do a 'sho mac address-table and see that the device with the mac address in question lives on one port, port 1/0/x.

2) We apply mac port security for this exact same mac address to the same port it is already attached to.

switch(config)#int g2/0/2

switch(config-if)#switchport  port-security mac-address 001a.1ec8.abcd

3) Get this error: 'Found duplicate mac-address 001a.1ec8.abcd'

We again confirm that that is the only port on the entire switch that has this mac-address.

Try the command again, same error.

4) We do a bunch of show commands, get in and out of the switch, go back and then try it again, and now it works, same command, same port and same mac address.

...Aging is default 300

...These are Cisco wireless AP's attached to the switch

...This occurs on different switches with different ports using different mac addresses, always same symptoms.

Before I did in to a long drawn out isolation effort, anybody seen this before?

Thanks,

m.

8 Replies 8

Ganesh Hariharan
VIP Alumni
VIP Alumni

Hi,

I've run in to this on 3750G's in a various sized stacks. We apply port security for a mac address on a single port (not existing on more than one port - that's  a different issue that appears in multiple posts already).

In this case:

1) We do a 'sho mac address-table and see that the device with the mac address in question lives on one port, port 1/0/x.

2) We apply mac port security for this exact same mac address to the same port it is already attached to.

switch(config)#int g2/0/2

switch(config-if)#switchport  port-security mac-address 001a.1ec8.abcd

3) Get this error: 'Found duplicate mac-address 001a.1ec8.abcd'

We again confirm that that is the only port on the entire switch that has this mac-address.

Try the command again, same error.

4) We do a bunch of show commands, get in and out of the switch, go back and then try it again, and now it works, same command, same port and same mac address.

...Aging is default 300

...These are Cisco wireless AP's attached to the switch

...This occurs on different switches with different ports using different mac addresses, always same symptoms.

Before I did in to a long drawn out isolation effort, anybody seen this before?

Thanks,

m.

Can you paste the show run int gi2/0/2 output, Is there any switchport security commands is configured on this port..

Ganesh.H

Genesh,

switch#sh mac address-table address  001a.1ec8.5676
           Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  160    001a.1ec8.5676    STATIC      Gi1/0/29
Total Mac Addresses for this criterion: 1


switch#sh run int g1/0/29
Building configuration...

Current configuration : 218 bytes
!
interface GigabitEthernet1/0/29
  description 01-01F-159S-BP29
  switchport access vlan 160
  switchport mode access
  switchport port-security
  switchport port-security violation restrict
  no snmp trap link-status
end

It doesn't seem to make any difference whether you enter the mac  addresss statement first or last, before the other port-security statements... the error will still occur. Further investigation finds that if you bouce the port, the error goes away. Right now that's part of the config change procedure work around. A bit clunky...and, traffic distruptive.

Thanks in advance for any ideas.

m.

Workaround or Solution:

We've now found through more testing that in fact, if other port-security lines are not present and the mac-address line is added first, in every case it is taking the command line without the duplicate error.

However, I still don't understand why a duplicate MAC message would appear, no matter the order of port-security command execution on the same port????

Thanks,

m.

MarcusCooper2
Level 1
Level 1

Hi there,

I was having similiar problem with switch 2960. The thing was I was using sticky address assignment not static, anyways when i tried to change the way MAC address is bound to the port (from sticky to static) I had the same error.

My "solution" was do the process with port-security again. So in my case first of all no switch port-security mac-address sticky and after that even no switch port-security.

So at the end of the day, up high !

Hello from 2021! Thanks for this.

ebarticel
Level 4
Level 4

I think it has to do with port security defaults. By default is one secure mac per port, aging is disabled, and since the switch has the mac address already in the table when you try to confirm the same mac you get the duplicate errror.

Hope this helps

Eugen

Hi,

You get this error when one computer (A) pluged in a secure port in the past, and its mac has attached already to this port, after that you pluged in  the PC to another secure port, and simultaneously aging feature was disabled. Therefore Admin must manually clear that mac config in the past.  Use the command show port-security address to check

which the interface the mac attached in the past.

Hope this help

cam1729
Level 1
Level 1

Hello, I am a little late to the discussion but I had the same issue in Packet Tracer and was able to resolve it by clearing out port-security configs on that interface (with no commands such as 'no switchport port-fast mac-address sticky') then copying running config to startup config ('copy running-config startup-config') and rebooting the switch with the reload command (simply just 'reload' in privileged exec mode). This might be a little better so you don't lose any other changes you made on the switch. For reference I was working with a 2960-24tt switch. Anyway this is definitely a bug and I hope this helps!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: