asd-dave
asked on
Proper procedure to reset a ERR-DISABLED
Our IP phones are running on a stack of three Cisco Catalyst 3750's. They are running IOS Version 12.2(25)SEE2). We have port security and sticky mac-addresses enabled on all interfaces. We recently replaced a phone in one office, and the port went into a err-disabled state, as expected.
But what is the proper way to reset it when you are plugging in a different device? "shut / no shut" only works if we plug in the old phone. I have also issued a "shut" on the interface, removed all port security from the interface (including the sticky mac address), and then issued "no shut". When I do that, the phone comes up fine, but when I reapply port security and the sticky mac-address, the port goes into err-disabled again. I even tried waiting overnight, hoping the old mac-address would flush out of the mac address table after a few hours. But that did not work.
I know I can hard code the mac-address on the port, but that would just be a work around. I really want to know the proper procedure when using sticky mac-addresses. I've searched Cisco's web site for an answer. And I've found tons of documentation about port security, but I've been unable to find an answer to this seemingly simple question.
But what is the proper way to reset it when you are plugging in a different device? "shut / no shut" only works if we plug in the old phone. I have also issued a "shut" on the interface, removed all port security from the interface (including the sticky mac address), and then issued "no shut". When I do that, the phone comes up fine, but when I reapply port security and the sticky mac-address, the port goes into err-disabled again. I even tried waiting overnight, hoping the old mac-address would flush out of the mac address table after a few hours. But that did not work.
I know I can hard code the mac-address on the port, but that would just be a work around. I really want to know the proper procedure when using sticky mac-addresses. I've searched Cisco's web site for an answer. And I've found tons of documentation about port security, but I've been unable to find an answer to this seemingly simple question.
ASKER
Do you know if the default aging time is infinite? If so, do you know how I would clear the mac address if we wanted to keep it infinite? Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
And yes, the default value is infinite.
switchport port-security
switchport port-security maximum 2
switchport port-security aging time 5
switchport port-security violation restrict/protect // (restrict logs the event, protect drops packets)
switchport port-security aging type inactivity