How do you clear a Cisco Switch Port Security Sticky settings?

I had several ports err-disable.  I tried to shut/no-shut, but the ports went err-disable again.
(No mac-address was specified in the config)

 Then I removed ALL port-security commands, then reinstalled them (including the "sticky" command, but NO specific MAC-addresses).  They still went into err-disable.  

What steps are required to insert new servers into a switchport that was configured for port-security?

 I found the same problem on both 2960 and 2560 switches.

Thanks
jimmycher asked:

Steven Carnahan (Network Manager) commented:
The order

Look at the conf for the MAC that it has assigned.  

sh run int f0/2 (substitute your interface)

conf t
int f0/2 (same as above)
no switchport port-security mac-address xxxx.xxxx.xxxx (the old MAC address)
no shut


That should bring the interface back up. If not, then look for a duplicate MAC address (are you moving this device from one location to another?).
schmitty007 commented:
If these are VM servers, which it sounds like they might be if they are triggering your err-disable state on the switch port. The sticky command means the switch port will learn what MAC address is connected to that port and will write it into its running configuration. It's a way to have the switch automatically add the MAC address of the device connected without specifying it manually. The default action of port-security is set to disable; you can set this to restrict as well.

Something you can try is to increase the maximum number of MACs learned on that switch port. The default is only 1, so if you have VM servers you will need to increase this number to however many VMs you have, +1 for the host.
Example
 Switch(config)# interface gi0/14
 Switch(config-if)# switchport port-security maximum 4
jimmycher (Author) commented:
The config only showed:

  int F0/1
    vlan 1
    switchport port-security
    switchport port-security mac-address sticky

There was no specific MAC address in the config on that interface.

The duplicate MAC address comment might be germane, however, since some unused ports did have a MAC address specified. I'll have to double check. I guess you are saying that if a MAC address is specified on int F0/27, then you can't plug that server's MAC into F0/1? That makes sense, and is something I'll check on.

Is there ever a need to clear ARP or anything else?

Thanks
jimmycher (Author) commented:
Good info Smitty007, but these were stand-alone servers.  I'm thinking the MAC address specified on another switchport is the problem.
Steven Carnahan (Network Manager) commented:
Only on rare occasions have I had to clear the ARP for this situation. Normally it is either a duplicate MAC somewhere or a previously assigned MAC on the port in question.  You can look at the MAC address table to see if either of these situations appear.

show mac-address-table

And I would also consider what Schmitty007 said if you are using VMs.
schmitty007 commented:
If single servers, I would agree the switch has that MAC in its config. If it's static to the port, a show run will tell you which port.
jimmycher (Author) commented:
Many thanks for ultra-quick responses.
Question has a verified solution.