Hi lads,
We are using port security with a maximum of 10 mac-addresses specified. We are also using the sticky feature to aid the configuration. Everything is on one vlan in the organisation. Here's the problem: when we take a laptop from a port in a different department up to the I.T department and plug it into one of our ports, it doesn't work. The new port doesn't go into an err-disable state and if we try to specify the mac address on the new port we get "Mac address already exists". The mac-add is under the old port; when we remove the entry from the old port it works. Any ideas? 3750 stack running 12.2(25) SEB4.
Thanks in advance.
Check the config of the 1st switch and check if the mac address has been added to it. This is what "port-security mac-address sticky" does, and if it is the case, of course you will have a duplicate mac-address.
To remove it, use "no switchport port-security mac-address mac-address". This should clear your issue.
Have you tweaked the aging setting?
Thanks for the replies.
Yes, I have specified a time and action, but the mac address stays under the original port, but when I do a sh mac-address table xxxxx.xxxx.xxxx the mac address is no longer mapped to any port. The new port still passes no traffic.
Here is the configuration. As you can see, the time and aging action have been specified, but it doesn't work. Is there something we are missing here, or is this a possible issue with the cam table and aging mac addresses timer on the interface?
Any ideas would be great....
switchport mode access
switchport port-security maximum 10
switchport port-security aging time 6
switchport port-security aging type inactivity
switchport port-security mac-address sticky
switchport port-security aging static
switchport port-security mac-address sticky 000b.cdf7.2748
switchport port-security mac-address sticky 0012.79be.d781
switchport port-security mac-address sticky 0015.60bb.a189
switchport port-security mac-address sticky 00b0.d018.0034
switchport port-security mac-address sticky 00c0.9f76.7e83
switchport port-security mac-address sticky 00c0.9f76.7ea5
spanning-tree bpduguard enable
Also, I noticed that the remaining time in the age column under the show port-security
is set to a - sign. It should give a relevant number as time decreases; instead it's stuck at -.
Again any idea would be great.
Thanks for all the posts lads,
I believe I've figured it out: you don't appear to be able to use the sticky command under the interface and also the aging-time.
When the sticky command is removed the timeout works fine. Although you can type in both commands, the timeout will never work because the sticky command copies the mac address to the config.
Ah, so one of the mac-addresses listed above was the laptop's? Well, yeah, you are statically associating that mac-address to the port.
Use "no switchport port-security mac-address mac-address". This should clear your issue.
Once you have removed your PC, use the above, then recheck if the mac address is still part of the config... it should not be there anymore, which means no duplication.
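
Added example, not part of any poster's reply: a Python sketch that searches a saved running-config for the port whose sticky entry pins a given MAC (the situation behind the "Mac address already exists" error in this thread), and lists ports where an aging time is configured alongside sticky entries, which the original poster found never time out. The interface names and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample config; interface names are hypothetical, the commands follow the thread.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/5
 switchport port-security maximum 10
 switchport port-security aging time 6
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 000b.cdf7.2748
 switchport port-security mac-address sticky 0012.79be.d781
!
interface GigabitEthernet2/0/12
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 00c0.9f76.7e83
!
"""

STICKY = re.compile(r"switchport port-security mac-address sticky ([0-9a-f.]{14})$", re.I)

def cisco_mac(mac):
    """Normalise aa:bb:cc:dd:ee:ff, aa-bb-..., or aabb.ccdd.eeff to Cisco dotted form."""
    digits = re.sub(r"[^0-9a-f]", "", mac.lower())
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))

def parse_ports(config):
    """Map each interface to its sticky MACs and whether an aging time is set."""
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = ports.setdefault(line.split(None, 1)[1], {"sticky": [], "aging": False})
        elif current is not None:
            m = STICKY.match(line)
            if m:
                current["sticky"].append(cisco_mac(m.group(1)))
            elif line.startswith("switchport port-security aging time"):
                current["aging"] = True
    return ports

def pinned_port(config, mac):
    """Return the interface whose sticky entry holds this MAC, or None."""
    target = cisco_mac(mac)
    return next((p for p, v in parse_ports(config).items() if target in v["sticky"]), None)

def aging_ignored(config):
    """Ports with an aging time set next to sticky entries (per the thread, these never age)."""
    return sorted(p for p, v in parse_ports(config).items() if v["aging"] and v["sticky"])
```

Feed `pinned_port` the MAC as the laptop reports it (colon or hyphen separated) to find the old port before moving the device.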