Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4625
Views
0
Helpful
5
Replies

Unable to remove Static Drop entry | 2960 Cam Table

nathanaelminesso
Level 1
Level 1

‎11-19-2013 07:40 AM - edited ‎03-07-2019 04:40 PM

Hi all,

I am facing a strange issue here on a production switch (Cisco 2960 IOS 12.2(55)SE5)

I have the following entry in my cam table:

switch#show mac add int gi0/10

          Mac Address Table

-------------------------------------------

Vlan    Mac Address       Type        Ports

----    -----------       --------    -----

123    1234.1234.1234 STATIC      Drop

Although this mac-id has not been statically entered in any way it shows up as static and I can't remove it. I tried all possible clear commands without success. As a last step I reset the interface to the default empty config just configuring it as access port in an office vlan.

I am trying to avoid having to reload the switch to clear the related memory as this generates downtime. Has anyone ever faced such an issue and can advise me?

Logs:

switch#show mac add add 1234.1234.1234

          Mac Address Table

-------------------------------------------

Vlan    Mac Address       Type        Ports

----    -----------       --------    -----

123    1234.1234.1234    STATIC      Drop <-- note the "interface"

Total Mac Addresses for this criterion: 1

Current configuration : 47 bytes

!

interface GigabitEthernet0/10

shutdown

end

switch#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

switch(config)#int gi0/10

switch(config-if)#sw mod ac

switch(config-if)#sw ac vl 123

switch(config-if)#no sh

switch(config-if)#do sh mac add int gi0/10

          Mac Address Table

-------------------------------------------

Vlan    Mac Address       Type        Ports

----    -----------       --------    -----

123    1234.1234.1234    STATIC      Drop

Total Mac Addresses for this criterion: 1

switch(config)#clear mac address-table static 1234.1234.1234 vlan 123 drop

MAC address could not be removed.

Address is not user configured

switch#clear mac add dynamic address 1234.1234.1234

switch#sh mac add add 1234.1234.1234

          Mac Address Table

-------------------------------------------

Vlan    Mac Address       Type        Ports

----    -----------       --------    -----

123    1234.1234.1234    STATIC      Drop

Total Mac Addresses for this criterion: 1

Labels:
0 Helpful
5 Replies 5

Umesh Shetty
Level 1
Level 1

‎11-19-2013 09:58 AM

Hi,

Can you try this please.

1> Was any port security configured in this interface or this switch.

2> can you share the output of the command show run | i 1234.1234.1234.1234

HTH

Regards

Umesh

0 Helpful

nathanaelminesso
Level 1
Level 1
In response to Umesh Shetty

‎11-20-2013 12:20 AM

Hi Umesh,

Of course there is nothing with this mac in the config. That was like the first thing that has been checked. There was dot1x running on this and all the other ports which of course has been disabled and cleared accordingly.

The problem is that there is some sort of cam table holding the Drop entries and although it should the memory is not being freed up when using the commands according to the documentation.

This is definitely a question for an IOS geek or someone who already had a similar issue once. If I open a TAC case they will tell me to reboot so the only hope is really someone who had this issue already once and resolved it without reboot.

Anyone with experience in this?

0 Helpful

nathanaelminesso
Level 1
Level 1
In response to nathanaelminesso

‎11-21-2013 01:30 AM

A restart solved the issue. Unfortunately, there was no workaround

0 Helpful

Alex Pfeil
Level 7
Level 7

‎08-09-2021 10:20 AM

I had a real similar issue to this. The MAC address was showing up on two different ports. I removed the 802.1x configuration on both ports and it resolved the issue. I was going to reboot the switch if that had not fixed the problem.

0 Helpful

howardgoble
Level 1
Level 1

‎11-09-2022 11:47 AM - edited ‎11-09-2022 11:48 AM

I had this problem today as well.  Got the "MAC address could not be removed. Address is not user configured" also.  Similar to another reply below, I had to remove all port-security commands from both ports.  Meaning, a) the port the MAC address was stuck on, and b) the port I was trying to move the device with that MAC address to.  I tried both permutations of removing port-security from one port or the other, neither configuration worked, I had to remove all port-security commands from both ports.  This was the only way to avoid restarting the switch midday.  

Now the MAC address shows on both ports, the old and new.  At my level of understanding this seems like a bug:

OC-12th-Access-1#show mac address-table addr 4825.671e.7f71
Load for five secs: 38%/0%; one minute: 39%; five minutes: 41%
Time source is NTP, 11:39:52.690 PST Wed Nov 9 2022
Mac Address Table
-------------------------------------------

Vlan Mac Address Type Ports
---- ----------- -------- -----
112 4825.671e.7f71 DYNAMIC Gi4/0/41  <-- New port device was moved to
140 4825.671e.7f71 STATIC Gi2/0/27  <-- Old port device was connected to
Total Mac Addresses for this criterion: 2
OC-12th-Access-1#

We're running c2960x-universalk9-mz.150-2.EX5.bin on this stack.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card