Why is port security errdisabling a small number of ports with no obvious fault?

Answered Question
Aug 19th, 2014

I have two core switches with between 50 and 100 ports each configured for end users. I have port security enabled on all of these ports. 3 of these ports in unrelated locations will almost immediately errdisable when port security is turned on but are fine otherwise. I have sticky MAC addresses on and have repeatedly reset the ports and the MAC addresses associated with them to no effect. There is only one device connected to each port, a zero client. The running configuration is identical to other working ports. Is this a connection issue?

Correct Answer
Florian Holzapfel Tue, 08/19/2014 - 12:27

Hi,

Do you use any other security feature like DHCP snooping or dot1x?

With show port-security <interface> you get an output for securing-down the port.

Also, you can try debug port-security and provoke the error. Then you can show me the output and I can help you.

I guess you use dot1x or not?

Kind regards,

Flo

christopherdelporto Tue, 08/19/2014 - 13:09

Aha!

Thank you for the direction Flo. I don't have much experience with running the debug function, but when I did the problem was obvious. One of the other ports on the switch had the same MAC address in it. We sometimes move our thin clients around (we are in a school). Apparently we had a port that we weren't using that the thin client was moved from. The port was shut down but the sticky MAC address was still in the configuration and was causing the problem port to be disabled.

I did the debug and provoked the error and was told which port was causing the problem and removed the MAC address from the unused port. I've been banging my head on this one for a while but it was a very easy fix. Thanks!
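The root cause found in this thread, a sticky MAC address left behind on a shut-down port, can also be spotted offline by scanning a saved running-config for the same sticky MAC secured on more than one interface. The following is an added example, not part of the original thread: the function name `find_duplicate_sticky_macs` is hypothetical, the config excerpt is constructed, and it assumes the ports share a VLAN.

```python
import re
from collections import defaultdict

# Constructed running-config excerpt (not taken from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/5
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0011.2233.4455
 shutdown
!
interface GigabitEthernet1/0/17
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0011.2233.4455
!
interface GigabitEthernet1/0/18
 switchport port-security
 switchport port-security mac-address sticky 00aa.bbcc.ddee
!
"""

# Matches a learned sticky entry; the bare "mac-address sticky" line has no MAC.
STICKY_RE = re.compile(
    r"^\s+switchport port-security mac-address sticky "
    r"([0-9a-f]{4}(?:\.[0-9a-f]{4}){2})\b", re.I)

def find_duplicate_sticky_macs(config_text):
    """Return {mac: [(interface, is_shutdown), ...]} for MACs secured on >1 port."""
    owners = defaultdict(list)   # mac -> interfaces holding it as a sticky entry
    shutdown = set()             # interfaces that are administratively down
    current = None
    for line in config_text.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
        elif not line.startswith(" "):
            current = None       # "!" or any global line ends the interface block
        elif current and line.strip() == "shutdown":
            shutdown.add(current)
        elif current and (m := STICKY_RE.match(line)):
            owners[m.group(1).lower()].append(current)
    return {mac: [(i, i in shutdown) for i in ifs]
            for mac, ifs in owners.items() if len(ifs) > 1}

if __name__ == "__main__":
    for mac, ports in find_duplicate_sticky_macs(SAMPLE_CONFIG).items():
        for name, is_down in ports:
            note = " (shutdown, likely stale entry)" if is_down else ""
            print(f"{mac} secured on {name}{note}")
```

A shut-down port in the result is the likely stale entry; clearing its sticky address is the fix the poster describes.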
