?
Solved

How do you clear a Cisco Switch Port Security Sticky settings?

Posted on 2012-04-02
7
Medium Priority
?
1,691 Views
Last Modified: 2012-08-13
I had several ports err-disable.  I tried to shut/no-shut, but the ports went err-disable again.
(No mac-address was specified in the config)

 Then I removed ALL port-security commands, then reinstalled them (including the "sticky" command, but NO specific MAC-addresses).  They still went into err-disable.  

What steps are required to insert new servers into an switchport that was configured for port-security?

 I found the same problem on both 2960 and 2560 switches.

Thanks
0
Comment
Question by:jimmycher
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 26

Expert Comment

by:pony10us
ID: 37797661
The order

Look at the conf for the MAC that it has assigned.  

sh run int f0/2 (substitute your interface)

conf t
int f0/2 (same as above)
no switchport port-security mac-address xxxx.xxxx.xxxx (the old MAC address)
no shut


That should bring the interface back up. If not then look for a duplicate MAC address (are you moving this device from one location to another?
0
 
LVL 4

Expert Comment

by:schmitty007
ID: 37797690
If these are VM servers which sounds like they might be if they are triggering your err-disable state on the switch port. The sticky commands means the switch-port will learn what MAC address is connected to that port and will write it into its running configuration. Its a way to have the switch automatically add the MAC address of the device connected without specifying it manually. The default action of port-security is set to disable you can set this to restrict as well.

Something you can try is to increase the number of maximum MACs learned on that switch port the default is only 1 so if you have VM servers you will need to increase this number to how ever many VMs you have +1 for the Host.
Example
 Switch(config)# interface gi0/14
 Switch(config-if)# switchport port-security maximum 4
0
 

Author Comment

by:jimmycher
ID: 37797705
The config only showed:

  int F0/1
    vlan 1
    switchport port-security
    switchport port-security mac-address sticky

There was no specific MAC address in the config on that interface.

The duplicate MAC address comment might be germane however, since some unused ports did have a MAC address specified.    I'll have to double check.   I guess you are saying that if a MAC address is specified on int F0/27, then you can't plug that server's MAC into F0/1 ?  That makes sense, and is something I'll check on.

Is there ever a need to clear ARP or anything else?

Thanks
0
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

 

Author Comment

by:jimmycher
ID: 37797712
Good info Smitty007, but these were stand-alone servers.  I'm thinking the MAC address specified on another switchport is the problem.
0
 
LVL 26

Accepted Solution

by:
pony10us earned 600 total points
ID: 37797728
Only on rare occasions have I had to clear the ARP for this situation. Normally it is either a duplicate MAC somewhere or a previously assigned MAC on the port in question.  You can look at the MAC address table to see if either of these situations appear.

show mac-address-table

And I would also consider what Schmitty007 said if you are using VM's.
0
 
LVL 4

Assisted Solution

by:schmitty007
schmitty007 earned 200 total points
ID: 37797730
If single servers I would agree the switch has that Mac in its config. If its static to the port a show run will tell you which port.
0
 

Author Closing Comment

by:jimmycher
ID: 37797747
Many thanks for ultra-quick respones.
0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As companies replace their old PBX phone systems with Unified IP Communications, many are finding out that legacy applications such as fax do not work well with VoIP. Fortunately, Cloud Faxing provides a cost-effective alternative that works over an…
David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question