Static MAC and port security question

Unanswered Question
Sep 16th, 2010
User Badges:

We have port security turned on:

switchport port-security
switchport port-security maximum 2
switchport port-security violation restrict


We were getting an error on the port (with only 1 device connected to this port):

Sep 16 15:49:42: %PORT_SECURITY-SP-2-PSECURE_VIOLATION: Security violation occur
red, caused by MAC address b8ac.6fb1.2b11 on port GigabitEthernet1/2


Turned off port security - device then works however we want the security on and are trying to figure out why we are getting this error with only 1 MAC on port.


Tried to turn port security back on and get error stating can't turn on due to static MAC entry on port???

Looked for static MAC entry, there isn't one.  Ran the command to delete actual static mac b8ac.6fb1.2b11 and it says that MAC does not exist.

When you do a sh mac on the interface it shows as being there????


E-1-6K#sh mac address-table interface g1/2
Legend: * - primary entry
        age - seconds since last seen
        n/a - not available

  vlan   mac address     type    learn     age              ports
------+----------------+--------+-----+----------+-------------------------
Active Supervisor:
*   12  b8ac.6fb1.2b11    static  Yes          -   Gi1/2

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Sebastian Helmer Mon, 09/20/2010 - 02:51
User Badges:
  • Silver, 250 points or more

Hi,



what do the command  "show port-security address" show to you?


Also please check that note from the Cisco Dokument:


"When port security is enabled, if an address  learned or configured on one secure interface is seen on another secure  interface in the same VLAN, port security puts the interface into the  error-disabled state immediately."


best regards

Sebastian

Actions

This Discussion