How do you clear Cisco Switch Port Security Sticky settings?

Posted on 2012-04-02
Last Modified: 2012-08-13
I had several ports err-disable.  I tried to shut/no-shut, but the ports went err-disable again.
(No mac-address was specified in the config)

 Then I removed ALL port-security commands, then reinstalled them (including the "sticky" command, but NO specific MAC-addresses).  They still went into err-disable.  

What steps are required to insert new servers into a switchport that was configured for port-security?

 I found the same problem on both 2960 and 2560 switches.

Thanks
Question by:jimmycher
7 Comments
 
LVL 26

Expert Comment

by:pony10us
ID: 37797661
The order

Look at the conf for the MAC that it has assigned.  

 ! substitute your interface for f0/2
 sh run int f0/2

 conf t
 int f0/2
 ! replace xxxx.xxxx.xxxx with the old MAC address
 no switchport port-security mac-address xxxx.xxxx.xxxx
 no shut


That should bring the interface back up. If not, then look for a duplicate MAC address (are you moving this device from one location to another?).
0
 
LVL 4

Expert Comment

by:schmitty007
ID: 37797690
If these are VM servers, which it sounds like they might be if they are triggering your err-disable state on the switch port. The sticky command means the switch port will learn what MAC address is connected to that port and will write it into its running configuration. It's a way to have the switch automatically add the MAC address of the device connected without specifying it manually. The default action of port-security is set to disable; you can set this to restrict as well.

Something you can try is to increase the maximum number of MACs learned on that switch port. The default is only 1, so if you have VM servers you will need to increase this number to however many VMs you have, +1 for the host.
Example
 Switch(config)# interface gi0/14
 Switch(config-if)# switchport port-security maximum 4
0
 

Author Comment

by:jimmycher
ID: 37797705
The config only showed:

  int F0/1
    vlan 1
    switchport port-security
    switchport port-security mac-address sticky

There was no specific MAC address in the config on that interface.

The duplicate MAC address comment might be germane, however, since some unused ports did have a MAC address specified. I'll have to double check. I guess you are saying that if a MAC address is specified on int F0/27, then you can't plug that server's MAC into F0/1? That makes sense, and is something I'll check on.

Is there ever a need to clear ARP or anything else?

Thanks
0
 

Author Comment

by:jimmycher
ID: 37797712
Good info Smitty007, but these were stand-alone servers.  I'm thinking the MAC address specified on another switchport is the problem.
0
 
LVL 26

Accepted Solution

by:
pony10us earned 600 total points
ID: 37797728
Only on rare occasions have I had to clear the ARP for this situation. Normally it is either a duplicate MAC somewhere or a previously assigned MAC on the port in question.  You can look at the MAC address table to see if either of these situations appear.

show mac-address-table

And I would also consider what Schmitty007 said if you are using VMs.
0
 
LVL 4

Assisted Solution

by:schmitty007
schmitty007 earned 200 total points
ID: 37797730
If single servers, I would agree the switch has that MAC in its config. If it's static to the port, a show run will tell you which port.
0
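The check described in the two solutions above (find which port already has the server's MAC bound, via show run) can be scripted against saved running-config text. This is an added example, not code from the thread; the sample config is constructed, and the function names and the keep_interface parameter are illustrative assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of `show running-config` output (not from the thread).
SAMPLE = """\
interface FastEthernet0/1
 switchport port-security
 switchport port-security mac-address sticky
!
interface FastEthernet0/2
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0011.2233.4455
!
interface FastEthernet0/27
 switchport port-security
 switchport port-security mac-address 0011.2233.4455
 switchport port-security mac-address 00aa.bbcc.ddee
!
"""

# Matches only lines that bind a specific MAC, not the bare "sticky" enable line.
BOUND_MAC = re.compile(
    r"^\s*switchport port-security mac-address (?:(sticky) )?"
    r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\b", re.I)

def normalize(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def secure_bindings(config):
    """Map normalized MAC -> [(interface, 'sticky'|'static', config line)]."""
    bindings, interface = defaultdict(list), None
    for line in config.splitlines():
        if line.startswith("interface "):
            interface = line.split(None, 1)[1].strip()
        elif interface and (m := BOUND_MAC.match(line)):
            kind = "sticky" if m.group(1) else "static"
            bindings[normalize(m.group(2))].append((interface, kind, line.strip()))
    return bindings

def removal_commands(config, mac, keep_interface=None):
    """Config lines that unbind `mac` from every port except keep_interface."""
    cmds = []
    for interface, _kind, line in secure_bindings(config).get(normalize(mac), []):
        if interface != keep_interface:  # hypothetical: the port the server moves to
            cmds += [f"interface {interface}", f" no {line}"]
    return cmds
```

Calling removal_commands(SAMPLE, "00:11:22:33:44:55", keep_interface="FastEthernet0/1") lists the stale bindings on the other two ports in the same `no switchport port-security mac-address ...` form used earlier in the thread.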
 

Author Closing Comment

by:jimmycher
ID: 37797747
Many thanks for ultra-quick responses.
0
