Cisco Support Community
Community Member



We are experiencing  port security violations from the  one lappy mac-addresses.  Please review the technical information below and let me know if you have any insight.

int f1/2
 switchport access vlan 100
 switchport mode access
 switchport voice vlan 500
 switchport port-security
 switchport port-security maximum 4
 switchport port-security aging time 1
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 ip arp inspection limit rate 150
  spanning-tree portfast edge

int g1/1
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk allowed vlan all

Mar 14 14:25:46: PORT_SECURITY-SP-2-PSECURE_VIOLATION Security violation occurred, caused by MAC address 422f.00a5.01ce on port FastEthernet1/2

Hopus#sh mac-address-table static | inc 0422f
*   3  422f.00a5.01ce    static  Yes          -   Gi1/1  >> Uplink port.

Hence I am not able to use this machine anymore on my switch. ( As soon as I connect the laptop to port f1/2 or any other port i get the above error msg) also I dont have any static or sticky configuration on my switch. Its simple config it should work.

I already tried shut/no shut of the port f1/2 but that didnt help. So only way to remove the mac from arp?

If anyone can provide me the valid reason for this behaviour that would be appriciated.




Hey Fari,Provide the

Hey Fari,

Provide the following outputs:

#show port-security address

#show port-security int f1/2

#show port-security int g1/1

#show port-security



Cisco Employee

why would we recieve a packet

why would we recieve a packet from an access port with default gateway's MAC address as the source address?


may i know what is this device? like, laptop? with docking station? etc..

Community Member

Hi Fumohamm,Yes thats the

Hi Fumohamm,

Yes thats the reason I open this thread. I am working on this for a long period and quite disturb with the way the device is behaving .

Here is te info you want:

Device is Cisco 6509 .

Fast 1/2 is connected to my workstation/laptop.

So I removed that laptop but still I see that its been seen on the Uplink port rather than getting removed.


Please let me know your opinion on this as i am struck with this.


thanks in advance.


Cisco Employee

when i asked about the device

when i asked about the device, i wanted to know more about the laptop.. i know of such behavior with lenova USB 3 docking station.


can we track this MAC address switch by switch to find where is this located?

Community Member

Fumohamm,If I remove the


If I remove the laptop and dont connect to any switch still I see the above behaviour.

thats the reason I am in shock. I agree if I connect to any other switch then we can say something out of it but if I remove the laptop and dont connect to any switch still i see that the mac address is stick to the uplink port.



Cisco Employee

i understand that. thats why

i understand that. thats why i am asking. can you follow the port and try to find from where this MAC address is seen in the network when you disconnect the laptop?

This MAC doesnt seem to belong to any vendor as per so, it looks like the MAC was statically configured on 1 or more devices (possibly). try to track this MAC and see if you can find another end host.

Community Member

fumohamm ,I understand what

fumohamm ,

I understand what you are trying to ask, I have done all those as I am in cisco network since couple of years now.

Okay here is my second testing i did:

I connected my laptop and removed it but still i see the mac address been seen from uplink port rather than getting flushed or removed when the laptop was removed.

Do you think any bug?




Cisco Employee

Hi Fari,Could you please try

Hi Fari,

Could you please try reloading the switch once?

I have tested in my lab and it works fine as expected nothing sort of the behaviour you have mentioned above.




So, your access switch thinks

So, your access switch thinks it has seen the MAC address from the uplink.  OK, so go to the switch on the other end of the G1/1 uplink, and try show mac addr addr 422f.00a5.01ce.  Where has the uplink switch seen the MAC address?  OK, so follow that port onto the next switch and do the show mac addr command again.  Keep going till you find an edge port.  Then you have found the culprit.


Kevin Dorrell


Community Member

My question is, what does it

My question is, what does it mean if he finds the mac on a device from a different switch? Was this ever resolved? I'm having the same issue.

Cisco Employee

can you try disabling ip

can you try disabling ip device tracking?

CreatePlease to create content