
why is port security errdisabling a small number of ports with no obvious fault?

I have two core switches with between 50 and 100 ports each configured for end users. I have port security enabled on all of these ports. 3 of these ports in unrelated locations will almost immediately errdisable when port security is turned on but are fine otherwise. I have sticky MAC addresses on and have repeatedly reset the ports and the MAC addresses associated with them to no effect. There is only one device connected to each port, a zero client. The running configuration is identical to other working ports. Is this a connection issue?

Accepted Solutions

Hi,

Do you use any other security feature like DHCP snooping or dot1x?

With show port-security <interface> you get an output for securing-down the port.

Also, you can try debug port-security and provoke the error. Then you can show me the output and I can help you.

I guess you use dot1x or not?

Kind regards,

Flo


Aha!

Thank you for the direction, Flo. I don't have much experience with running the debug function, but when I did, the problem was obvious. One of the other ports on the switch had the same MAC address in it. We sometimes move our thin clients around (we are in a school). Apparently we had a port that we weren't using that the thin client was moved from. The port was shut down but the sticky MAC address was still in the configuration and was causing the problem port to be disabled.

I did the debug and provoked the error and was told which port was causing the problem and removed the MAC address from the unused port. I've been banging my head on this one for a while but it was a very easy fix. Thanks!

This discussion has been reposted from Additional Communities to the LAN, Switching and Routing community.
