Solved

How do you clear a Cisco Switch Port Security Sticky settings?

Posted on 2012-04-02
7
1,511 Views
Last Modified: 2012-08-13
I had several ports err-disable.  I tried to shut/no-shut, but the ports went err-disable again.
(No mac-address was specified in the config)

 Then I removed ALL port-security commands, then reinstalled them (including the "sticky" command, but NO specific MAC-addresses).  They still went into err-disable.  

What steps are required to insert new servers into an switchport that was configured for port-security?

 I found the same problem on both 2960 and 2560 switches.

Thanks
0
Comment
Question by:jimmycher
  • 3
  • 2
  • 2
7 Comments
 
LVL 26

Expert Comment

by:pony10us
ID: 37797661
The order

Look at the conf for the MAC that it has assigned.  

sh run int f0/2 (substitute your interface)

conf t
int f0/2 (same as above)
no switchport port-security mac-address xxxx.xxxx.xxxx (the old MAC address)
no shut


That should bring the interface back up. If not then look for a duplicate MAC address (are you moving this device from one location to another?
0
 
LVL 4

Expert Comment

by:schmitty007
ID: 37797690
If these are VM servers which sounds like they might be if they are triggering your err-disable state on the switch port. The sticky commands means the switch-port will learn what MAC address is connected to that port and will write it into its running configuration. Its a way to have the switch automatically add the MAC address of the device connected without specifying it manually. The default action of port-security is set to disable you can set this to restrict as well.

Something you can try is to increase the number of maximum MACs learned on that switch port the default is only 1 so if you have VM servers you will need to increase this number to how ever many VMs you have +1 for the Host.
Example
 Switch(config)# interface gi0/14
 Switch(config-if)# switchport port-security maximum 4
0
 

Author Comment

by:jimmycher
ID: 37797705
The config only showed:

  int F0/1
    vlan 1
    switchport port-security
    switchport port-security mac-address sticky

There was no specific MAC address in the config on that interface.

The duplicate MAC address comment might be germane however, since some unused ports did have a MAC address specified.    I'll have to double check.   I guess you are saying that if a MAC address is specified on int F0/27, then you can't plug that server's MAC into F0/1 ?  That makes sense, and is something I'll check on.

Is there ever a need to clear ARP or anything else?

Thanks
0
Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

 

Author Comment

by:jimmycher
ID: 37797712
Good info Smitty007, but these were stand-alone servers.  I'm thinking the MAC address specified on another switchport is the problem.
0
 
LVL 26

Accepted Solution

by:
pony10us earned 150 total points
ID: 37797728
Only on rare occasions have I had to clear the ARP for this situation. Normally it is either a duplicate MAC somewhere or a previously assigned MAC on the port in question.  You can look at the MAC address table to see if either of these situations appear.

show mac-address-table

And I would also consider what Schmitty007 said if you are using VM's.
0
 
LVL 4

Assisted Solution

by:schmitty007
schmitty007 earned 50 total points
ID: 37797730
If single servers I would agree the switch has that Mac in its config. If its static to the port a show run will tell you which port.
0
 

Author Closing Comment

by:jimmycher
ID: 37797747
Many thanks for ultra-quick respones.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Is your computer hacked? learn how to detect and delete malware in your PC
David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question