Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Static MAC and port security question

We have port security turned on:

switchport port-security
switchport port-security maximum 2
switchport port-security violation restrict

We were getting an error on the port (with only 1 device connected to this port):

Sep 16 15:49:42: %PORT_SECURITY-SP-2-PSECURE_VIOLATION: Security violation occur
red, caused by MAC address b8ac.6fb1.2b11 on port GigabitEthernet1/2

Turned off port security - device then works however we want the security on and are trying to figure out why we are getting this error with only 1 MAC on port.

Tried to turn port security back on and get error stating can't turn on due to static MAC entry on port???

Looked for static MAC entry, there isn't one.  Ran the command to delete actual static mac b8ac.6fb1.2b11 and it says that MAC does not exist.

When you do a sh mac on the interface it shows as being there????

E-1-6K#sh mac address-table interface g1/2
Legend: * - primary entry
        age - seconds since last seen
        n/a - not available

  vlan   mac address     type    learn     age              ports
------+----------------+--------+-----+----------+-------------------------
Active Supervisor:
*   12  b8ac.6fb1.2b11    static  Yes          -   Gi1/2

1 REPLY

Re: Static MAC and port security question

Hi,

what do the command  "show port-security address" show to you?

Also please check that note from the Cisco Dokument:

"When port security is enabled, if an address  learned or configured on one secure interface is seen on another secure  interface in the same VLAN, port security puts the interface into the  error-disabled state immediately."

best regards

Sebastian

799
Views
0
Helpful
1
Replies